I just learned that there is a new Ansible role on Galaxy for the DISA Red Hat Linux 6 STIG. For those not familiar with the “STIG”, it is a collection of system settings mandated by the US Department of Defense to improve the security of its systems. Before we had tools like Ansible, I imagine configuring a system to these detailed specifications was tedious in the extreme. Now, it can be done to hundreds of machines with ease.
This Ansible role is similar to the one I did for CentOS, but frankly it looks better than mine. It’s certainly more complex. I haven’t tried it yet, so I don’t know how well it will work on CentOS. I hope to have time in the near future to test it and modify it if necessary for CentOS. My security audit tests should work against this role as well. More testing to do.
I’m very happy to see this promoted by Ansible as security is critically important to business, especially as the Internet becomes increasingly hostile.
You can view the code for this role on GitHub.