feat(cis): add selectable profile and per-rule hardening toggles

2026-05-25 04:37:33 +02:00
parent d2a19cfd5c
commit 2c35409519
23 changed files with 753 additions and 192 deletions
--- a/roles/global_defaults/tasks/_normalize_system.yml
+++ b/roles/global_defaults/tasks/_normalize_system.yml
@@ -142,6 +142,9 @@
      features:
        cis:
          enabled: "{{ system_raw.features.cis.enabled | bool }}"
+          profile: "{{ system_raw.features.cis.profile | default('default') | string }}"
+          rules: "{{ system_raw.features.cis.rules | default({}) }}"
+          params: "{{ system_raw.features.cis.params | default({}) }}"
        selinux:
          enabled: "{{ system_raw.features.selinux.enabled | bool }}"
        firewall: