Demonstrates the use of the hardening roles via Ansible to increase the security of your server. It also captures the best practice for using multiple hardening modules.
Once the servers are hardened, we verify their compliance status via InSpec.
This playbook installs the following roles on your server:
Install Ansible on your workstation.
Simply install the roles with ansible-galaxy and run the following playbooks against your Linux hosts.
# download the roles with ansible-galaxy
ansible-galaxy install dev-sec.os-hardening
ansible-galaxy install dev-sec.ssh-hardening
Create a playbook:
---
- hosts: all
  roles:
    - dev-sec.os-hardening
    - dev-sec.ssh-hardening
Run the play:
ansible-playbook playbook.yml
First install test-kitchen:
gem install bundler
bundle install
Start the virtual machine and run the playbooks:
bundle exec kitchen converge
Verify with InSpec tests:
bundle exec kitchen verify
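To act on the verification result outside of test-kitchen, the following added example (not part of this repository) turns an InSpec JSON report into a pass/fail gate that lists failed controls by impact. It assumes the report was saved from `inspec exec <profile> --reporter json`; the profile names, control ids and messages in the sample are constructed, and `failed_controls` and `compliance_gate` are hypothetical helper names.

```python
import json

# Constructed sample in the shape of InSpec's JSON reporter output.
# Profile names, control ids, titles and messages are made up for this example.
SAMPLE_REPORT = json.dumps({"profiles": [
    {"name": "example-os-profile", "controls": [
        {"id": "example-os-01", "title": "Shadow file permissions", "impact": 1.0,
         "results": [{"status": "passed", "code_desc": "File /etc/shadow mode"}]},
        {"id": "example-sysctl-01", "title": "IPv4 forwarding", "impact": 1.0,
         "results": [{"status": "failed", "code_desc": "Kernel Parameter net.ipv4.ip_forward",
                      "message": "expected: 0 got: 1"}]}]},
    {"name": "example-ssh-profile", "controls": [
        {"id": "example-sshd-01", "title": "Root login", "impact": 0.7,
         "results": [{"status": "failed", "code_desc": "SSHD Configuration PermitRootLogin",
                      "message": "expected: no got: yes"}]},
        {"id": "example-sshd-02", "title": "Banner", "impact": 0.3,
         "results": [{"status": "skipped", "code_desc": "SSHD Configuration Banner"}]}]},
]})


def failed_controls(report_json, min_impact=0.0):
    """Return (profile, control id, impact, messages) per control with a failed result."""
    report = json.loads(report_json)
    findings = []
    for profile in report.get("profiles", []):
        for control in profile.get("controls", []):
            # A control fails if any of its results failed; skipped results are ignored.
            failures = [r for r in control.get("results", []) if r.get("status") == "failed"]
            impact = float(control.get("impact", 0.0))
            if failures and impact >= min_impact:
                msgs = [f"{r.get('code_desc', '')}: {r.get('message', '')}" for r in failures]
                findings.append((profile.get("name"), control["id"], impact, msgs))
    # Highest impact first, then control id for a stable order.
    return sorted(findings, key=lambda f: (-f[2], f[1]))


def compliance_gate(report_json, min_impact=0.7):
    """Return 1 if any control at or above min_impact failed, else 0 (usable as an exit code)."""
    return 1 if failed_controls(report_json, min_impact) else 0


if __name__ == "__main__":
    for profile, control_id, impact, msgs in failed_controls(SAMPLE_REPORT):
        print(f"{profile} {control_id} impact={impact}")
        for msg in msgs:
            print(f"    {msg}")
    raise SystemExit(compliance_gate(SAMPLE_REPORT))
```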
Just fire up vagrant:
vagrant up
That's it. Enjoy testing your box via:
vagrant ssh ubuntu-trusty