hakkutu-en/ansible-role-openscap

Ansible Role: OpenSCAP

This role applies the CIS Benchmarks Server Level 2 recommendations on RedHat, Amazon Linux and Ubuntu on your target host(s).

Important

This role is still in active development. There may be unidentified issues and the role variables may change as development continues.

Requirements

If you want to use this role, you will need to use a supported version of Ansible Core. Ansible Lint and Ansible Molecule are used if you want to contribute to this role.

  • This role is developed and tested with maintained versions of Ansible core and Python.
  • Ansible Lint is used to lint the role for both Ansible best practices and potential Ansible/YAML issues.
  • Ansible Molecule is used to test the various functionalities of the role.

Role Installation

This role can be installed via either Ansible Galaxy (the Ansible community marketplace) or by cloning this repo. Once installed, you will need to include the role in your Ansible playbook using the roles keyword, the import_role module, or the include_role module.

Ansible Galaxy

To install the latest stable release of the role on your system, use:

ansible-galaxy install hakkutu-en.openscap

Alternatively, if you have already installed the role, you can update the role to the latest release by using:

ansible-galaxy install -f hakkutu-en.openscap

To use the role, include the following task in your playbook:

- name: "Apply CIS Benchmark Server Level 2"
  ansible.builtin.include_role:
    name: "hakkutu-en.openscap"

Git

To pull the latest release of the role from GitHub, use:

git clone https://github.com/hakkutu-en/ansible-role-openscap.git

To use the role, include the following task in your playbook:

- name: "Apply CIS Benchmark Server Level 2"
  ansible.builtin.include_role:
    name: "</path/to/repo>"

Role Variables

This role has multiple variables. Their default values are defined in defaults/main.yml. The variables and their descriptions are listed below:

| Name | Description |
| --- | --- |
| file_owner | The owning user of role content |
| file_group | The owning group of role content |
| directory_mode | Permission set for directories |
| file_mode | Permission set for files |
| tmp_directory | User-specific temporary directory |
| scap_package_name | Name of the SCAP package, based on OS family |
| scap_content_version | The release version for ComplianceAsCode content |
| scap_content_file | The release asset file name from ComplianceAsCode |
| scap_content_url | The URL markup for downloading ComplianceAsCode content |
| sudoers_base_directory | The base directory where the sudoers file is located |
| sudoers_filename | The file name for sudo configuration |
| scap_execution_parameters | The SCAP parameters used to run the script or playbook for application |

Dependencies

None

License

MIT

Author Information

This role was created in 2025 by Yamkela (hakkutu-en).
