We have seen multiple playbooks and guidelines for following different standards in Chapter 7, Security Hardening for Applications and Networks. This can be completely customized based on your environment, but following certain guidelines will ensure it's well protected.
The following playbook is created by DevSec for Linux baselines. It covers most of the required hardening checks based on multiple standards, which includes Ubuntu Security Features, NSA Guide to Secure Configuration, ArchLinux System Hardening and other. This can be improved if required by adding more tasks (or) roles.
Ansible OS Hardening Playbook covers
- Configures package management, that is, allows only signed packages
- Removes ...