KellEngineering
/
open-cmmc-stack
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
open-cmmc-stack/ansible/roles/secure_ubuntu
History
Mike Kell 9b028b095e added tests for identity, file_storage, podman_services and monitoring roles 2025-04-22 02:04:23 +00:00
..
defaults initial comit with first sprint of terraform and ansible files 2025-04-18 00:47:11 +00:00
handlers initial comit with first sprint of terraform and ansible files 2025-04-18 00:47:11 +00:00
meta initial comit with first sprint of terraform and ansible files 2025-04-18 00:47:11 +00:00
tasks added tests for identity, file_storage, podman_services and monitoring roles 2025-04-22 02:04:23 +00:00
templates added tests for identity, file_storage, podman_services and monitoring roles 2025-04-22 02:04:23 +00:00
tests initial comit with first sprint of terraform and ansible files 2025-04-18 00:47:11 +00:00
vars updated preflight and deployment checks 2025-04-21 18:19:40 +00:00
README.md initial comit with first sprint of terraform and ansible files 2025-04-18 00:47:11 +00:00

README.md

🔐 Ansible Role: secure_ubuntu

Harden an Ubuntu 22.04 LTS host to meet CMMC Level 2 compliance requirements using a modular, auditable Ansible role.

This role configures:

  • SSH and login security
  • Non-root administrative user
  • System auditing and file integrity monitoring
  • UFW firewall
  • Secure banners for compliance
  • Automatic updates and password policies

CMMC Practices Addressed

Domain Practice Description
AC AC.1.001 Limit system access to authorized users
AC AC.3.017 Display system use notifications (login banner)
CM CM.2.062 Employ security configuration baseline
SI SI.1.210 Identify unauthorized use of systems
SI SI.3.219 Detect and report unauthorized changes to software

📦 Requirements

  • Ubuntu 22.04 LTS
  • Ansible >= 2.11

🚀 Role Variables

secure_user: cmmcadmin
ssh_pubkey_path: "~/.ssh/id_rsa.pub"

Set ssh_pubkey_path to the local path of the public key to be authorized for secure_user.

📁 Example Playbook

- name: Apply CMMC hardening baseline
  hosts: all
  become: yes
  roles:
    - role: secure_ubuntu
      vars:
        secure_user: cmmcadmin
        ssh_pubkey_path: "~/.ssh/id_rsa.pub"

📁 File Structure

roles/
└── secure_ubuntu/
    ├── defaults/
    │   └── main.yml
    ├── meta/
    │   └── main.yml
    ├── tasks/
    │   ├── main.yml
    │   ├── ssh.yml
    │   ├── user.yml
    │   ├── firewall.yml
    │   ├── audit_aide.yml
    │   ├── banner.yml
    │   ├── updates.yml
    │   └── password_policy.yml
    └── README.md

🔒 License

MIT License

🧠 Author

Maintained by Kell Engineering
https://github.com/mtkell/open-cmmc-stack