feat(cis): add selectable profile and per-rule hardening toggles

2026-05-25 04:37:33 +02:00
parent d2a19cfd5c
commit 2c35409519
23 changed files with 753 additions and 192 deletions
--- a/roles/cis/tasks/main.yml
+++ b/roles/cis/tasks/main.yml
@@ -3,7 +3,6 @@
  ansible.builtin.import_tasks: _normalize.yml

 - name: Apply CIS hardening
-  when: cis_enabled
  block:
    - name: Include CIS hardening tasks
      ansible.builtin.include_tasks: "{{ cis_task }}"
@@ -16,5 +15,11 @@
        - security_lines.yml
        - permissions.yml
        - sshd.yml
+        - warning_banners.yml
+        - password_expiry.yml
+        - aide.yml
+        - auditd.yml
+        - packages.yml
+        - grub_password.yml
      loop_control:
        loop_var: cis_task