Secure RHEL systems using Ansible Automation Platform

 

 

 

 RHEL server, such as an HTTPd server, a Samba server, FTP, custom policy, etc.

Create Ansible playbooks

---
 - name: Linux hardening
   hosts: rhel_servers
   gather_facts: yes
 
  tasks:
    - name: Set SELinux mode to targeted
      selinux:
        policy: targeted
        state: enforcing

    - name: Allow Apache to connect to the network
      seboolean:
        name: httpd_can_network_connect
        state: yes

    - name: Allow Samba to read user home directories
      seboolean:
        name: samba_enable_home_dirs
        state: yes

    - name: Allow FTP to write files to home directories
      seboolean:
        name: ftpd_full_access
        state: yes

    - name: Copy custom policy module to the server
      copy:
        src: /path/to/custom_policy.pp
        dest: /etc/selinux/targeted/modules/active/modules/custom_policy.pp
       
    - name: Load the custom policy module
      shell: semodule -i /etc/selinux/targeted/modules/active/modules/custom_policy.pp

    - name: Allow cron jobs to change user content
      seboolean:
        name: cron_can_relabel
        state: yes

    - name: Allow MySQL to connect to the network
      seboolean:
        name: mysql_connect_any
        state: yes

    - name: Allow PostgreSQL to connect to the network
      seboolean:
        name: selinuxuser_postgresql_connect_enabled
        state: yes