Ansible, CIS, and Ubuntu
22 Jun 2015
Following on from my RHEL and CIS with Ansible post, it took quite a bit of work to proceed down the Ubuntu path in applying CIS benchmarks with Ansible. Before we get too deep, however, it is important to call out that this Ansible role is still based on the RHEL benchmarks, just applied to the applicable systems in Ubuntu. This is because the benchmarks for RHEL have been further developed and harden many parts of the system the Ubuntu benchmarks didn’t touch.
To begin with, we’ll use the adapted Ansible role from here. Like so:
git clone https://github.com/bunchc/ansible-role-cis /etc/ansible/roles/cis-ubuntu
From there, create a playbook.yaml that contains the following:
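# Play 1: put every host into a group named after its distribution fact
# (os_CentOS, os_Ubuntu, ...).
- hosts: all
  user: root
  tasks:
    - group_by: key=os_{{ ansible_distribution }}

# Play 2: CentOS hosts get the CentOS CIS role.
- hosts: os_CentOS
  user: root
  roles:
    - cis-centos

# Play 3: Ubuntu hosts get the Ubuntu CIS role.
- hosts: os_Ubuntu
  user: root
  roles:
    - cis-ubuntu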
Your playbook file contains three sections. The first uses a ‘group_by’ task to separate hosts by operating system. The last two sections then apply the matching CIS role according to the OS each host reported.
Finally, apply the playbooks as follows:
ansible-playbook -i /etc/ansible/hosts ./playbook.yaml
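One gap in the three-section playbook is that a host whose distribution is neither CentOS nor Ubuntu lands in a group no play targets and finishes the run with no hardening applied and no error. The variant below is an added example, not part of the original post or of the role's repository; it assumes the role names used above and adds a hypothetical fourth play that fails loudly for such hosts.

```yaml
# playbook.yaml (added example): the same three plays, plus a coverage check.
- hosts: all
  user: root
  tasks:
    - name: Group hosts by the distribution fact each one reports
      group_by:
        key: "os_{{ ansible_distribution }}"

- hosts: os_CentOS
  user: root
  roles:
    - cis-centos

- hosts: os_Ubuntu
  user: root
  roles:
    - cis-ubuntu

# Coverage check (assumption: only CentOS and Ubuntu have a CIS role here).
# A RHEL host reports "RedHat" and a Debian host reports "Debian", so both
# would fall into groups that none of the role plays above match.
- hosts: all
  user: root
  tasks:
    - name: Fail for any host that received no CIS role
      fail:
        msg: >-
          No CIS role was applied to {{ inventory_hostname }}
          (distribution: {{ ansible_distribution }})
      when: ansible_distribution not in ['CentOS', 'Ubuntu']
```

Because the check runs last, hosts that matched a role are already hardened by the time it fails, and the non-zero exit status makes the unhardened hosts visible to whoever or whatever launched the run.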