How to harden Red Hat Enterprise Linux (RHEL) to the CIS benchmark using Ansible

Comments

Hi Ben,
Very helpful video. I need to clarify a couple of things.
==> You installed Ansible and performed the hardening task on the same machine. If I want to use Ansible on a separate machine and do hardening on multiple VMs, where do I need to perform the things below?
1. Subscription manager enable (Ansible (or) host where I need to perform hardening)
2. Install ansible scap-security guide (Ansible (or) host where I need to perform hardening)
3. Ansible playbook: I know it will be executed from the Ansible VM.

Appreciate your response,
Khaled Syed.

syedkhaledbhai

Hi Ben. I'm currently working on hardening RHEL 9 using the CIS Benchmarks playbook. However, I've noticed that some tasks are being skipped, even though the settings are relevant. I see the message skipping local host in the output. How can I troubleshoot why these tasks are being skipped? Any help would be greatly appreciated. Thanks!

marsamuk

I want to scan multiple RHEL and CentOS servers. So far, all the research I did came to the conclusion that I have to use OpenSCAP for scanning and then Ansible for hardening. My concerns are: if SWIFT wants an organization A to be compliant with CIS benchmarks and I use Ansible for the hardening, wouldn't it be considered a third-party source? And second, how would we be able to customize the benchmark if it is already present in the Ansible package? For example, if the organization doesn't want particular areas to be hardened, how will we do that?

abdulsamad

How can I approach this on an airgapped machine with no access to the Red Hat repos?

DJNuckChorris

Nice video, but in any production environment you wouldn't want to do this given you have no idea if the changes made will have an impact. This is fine if you just want a vanilla CIS build.

davidaustin

What if you have to make a live node compliant?

swetasingh

Hi Ben, when I perform this process for RHEL9 I get such an ERROR:

ERROR! couldn't resolve module/action 'ini_file'. This often indicates a misspelling, missing collection, or incorrect module path.

The error appears to be in line 525, column 7, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Disable the GNOME3 Login User List
^ here

What do you recommend for this situation?

mehmeteminkozankurt

Please create more videos on Red Hat Satellite.

SatyamSingh-qoou

Hi Ben,
I tried to harden but a lot of tasks were skipped. What can cause such action?

HubertKurowski-yibx

Is there any other method available instead of using playbooks?

JunaidAhmed-oxxd

Nice, how do I practice this, that before and after... I see HIPAA up there too.

dewaynebranch

Hi. Performed this on RHEL 8.2 but after rebooting, unable to log in. After keying in the password, it goes back to the login screen. Any advice?

rosli

Please confirm if this works for RHEL9 with ansible-core.

gagandeep