Questions

  1. How do Ansible modules such as lineinfile make security benchmark implementation code more efficient than shell scripting?
  2. How can Ansible tasks be made conditional for a specific server or group of servers?
  3. What are good practices for naming your tasks when writing Ansible tasks to implement the CIS Benchmark?
  4. How might you modify a playbook so that you can easily get the CIS level 1 benchmarks to run without any of the level 2 ones being evaluated?
  5. What is the difference between the --tags and --skip-tags options when running an Ansible playbook?
  6. Why would you want to make use of publicly available open source code for your CIS Benchmark implementation?
  7. What does the -C flag do to a playbook run when used with the ansible-playbook ...

Get Hands-On Enterprise Automation on Linux now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.