The RHEL9 Level 3 Protect Ansible role is designed to automate the configuration and hardening of AlmaLinux 9.4 systems to comply with the Level 3 requirements of the Chinese Information Security Standard (等保 3 级). This role ensures that your systems are secured according to best practices, covering aspects such as SSH configuration, user management, firewall settings, and more.
- OS Validation: Ensures the role runs only on supported operating systems.
- Software Installation: Installs and configures essential packages.
- SSH Hardening: Secures SSH configurations with custom settings.
- User Management: Manages user accounts and enforces password policies.
- Firewall Configuration: Sets up and configures firewalld with necessary ports.
- System Optimization: Tweaks system limits and kernel parameters for optimal performance.
- Logging and Auditing: Configures rsyslog and auditd for comprehensive logging.
- Cleanup Tasks: Removes unnecessary files and cleans system caches.
- Operating System: AlmaLinux 9.4
- Ansible Version: 2.17.5 or higher
- Dependencies: Ensure all dependencies listed in
requirements.txt
are installed.
-
Clone the Repository
git clone https://github.com/yourusername/RHEL9-Level3-Protect.git cd RHEL9-Level3-Protect
-
Install Dependencies
pip install -r requirements.txt
-
Configure Inventory Update the
hosts.yml
file with your target hosts:all: hosts: host1: ansible_host: 10.0.66.66 ansible_user: vagrant ansible_password: vagrant
Execute the playbook using the following command:
ansible-playbook -i hosts.yml site.yml
Customize the configuration by editing the variables in defaults/main.yml
:
- SSH Settings: Customize SSH port, login timeout, and other SSH parameters.
- User Credentials: Set passwords for root, admin, and dev users.
- Firewall Ports: Define which ports to open in the firewall.
- System Settings: Adjust system limits, timezone, and other kernel parameters.
- name: Apply RHEL9 Level 3 Protect
hosts: all
become: true
roles:
- role: "{{ playbook_dir }}"
This project is licensed under the Apache License 2.0.
Contributions are welcome! Please submit a pull request or open an issue for any enhancements or bugs.
For support, please contact Berny Linville.