-
Notifications
You must be signed in to change notification settings - Fork 3
Linux
Colin Stubbs edited this page Sep 11, 2018
·
1 revision
Basically what you need to do is utilise the existing Salt formulas that can configure things in a CIS hardened compliant way; or write/fork your own based on existing formulas and utilising Salt state and execution modules.
The following are some existing "official" formulas that work well enough for a CentOS/RHEL 7 system:
- https://github.com/saltstack-formulas/openssh-formula
- https://github.com/saltstack-formulas/users-formula
- https://github.com/saltstack-formulas/firewalld-formula
- https://github.com/saltstack-formulas/hostsfile-formula
- https://github.com/saltstack-formulas/logrotate-formula
- https://github.com/saltstack-formulas/timezone-formula
- https://github.com/saltstack-formulas/xinetd-formula
- https://github.com/saltstack-formulas/sudoers-formula
- https://github.com/saltstack-formulas/sysctl-formula
- https://github.com/saltstack-formulas/mounts-formula
I have had to write new ones, or fork and modify existing formulas, to achieve the level of configuration necessary for other aspects of EL7 systems.
- https://github.com/colin-stubbs/salt-formula-aide.git
- https://github.com/colin-stubbs/salt-formula-at.git
- https://github.com/colin-stubbs/salt-formula-audit.git
- https://github.com/colin-stubbs/salt-formula-cron.git
- https://github.com/colin-stubbs/salt-formula-grub.git
- https://github.com/colin-stubbs/salt-formula-kmods.git
- https://github.com/colin-stubbs/salt-formula-ntp.git
- https://github.com/colin-stubbs/salt-formula-packages.git
- https://github.com/colin-stubbs/salt-formula-pam.git
- https://github.com/colin-stubbs/salt-formula-prelink.git
- https://github.com/colin-stubbs/salt-formula-rsyslog.git
- https://github.com/colin-stubbs/salt-formula-selinux.git
- https://github.com/colin-stubbs/salt-formula-services.git
- https://github.com/colin-stubbs/salt-formula-sssd.git
- https://github.com/colin-stubbs/salt-formula-yum.git
- https://github.com/colin-stubbs/salt-formula-banners.git
- https://github.com/colin-stubbs/salt-formula-fim.git
- https://github.com/colin-stubbs/salt-formula-profile.git