Documentation should be updated #361
Comments
Thanks for this issue, @joubbi. Good to get a thorough examination of this collection. It was developed over several years and there are surely mistakes and errors.
This should be fixed.
It is stated in the collection-readme and in the meta-file of the role.
Can you tell me which part exactly is outdated? A general statement like this is unhelpful.
What in the description in the README is not clear to you about the state and goals? https://github.com/dev-sec/ansible-collection-hardening#description
I see you already created a PR for this. I'll take a look. Personally I just
What I got confused about is that one place says that CentOS7/8 is supported but you use a hardening guide for RHEL 5. What I think is outdated is a link to a hardening guide for Red Hat Enterprise Linux 5, which was end of life almost eight years ago. Maybe you should use a hardening guide for RHEL 8 instead?
My bad. I was only reading the README.
Landing on the GitHub page without knowing anything about the project, at least what I wanted to know, since it's a security-related project, was: How does this compare with hardening standards and recommendations that I am familiar with: CIS, NIST, PCI-DSS...? Who is behind this project? Is it someone I can trust?
Thank you for mentioning #76. This discussion was exactly what I was after: dev-sec/linux-baseline#110
Hey @joubbi, is there anything here you still want to change?
Feel free to reopen, if more is needed.
Is your feature request related to a problem? Please describe.
I found this project by googling. It's the second Google hit after https://github.com/openstack/ansible-hardening. I've used ansible-hardening before. It works and their documentation is great. Unfortunately the project seems to be sleeping.
When I found this project, the first thing I tried to understand is to figure out what it does and if it is still relevant.
I want to harden my systems so that they are at least CIS level 1 compliant.
I have figured out that this project doesn't try to follow any one standard for hardening, which is perfectly fine.
But...
At the bottom of the os_hardening GitHub page there are links to guides that the project is based on.
One of the links: "NSA: Guide to the Secure Configuration of Red Hat Enterprise Linux 5" gives a 404.
The README for os_hardening doesn't state which Linux distros are supported.
The README for the collection states CentOS7/8.
It looks outdated with a guide to RHEL5.
I found the page https://dev-sec.io/project/ by googling. It also links to a RHEL5 guide.
I have not found a link to dev-sec.io from GitHub, but there is a link from dev-sec.io to GitHub.
Describe the solution you'd like
I would like the dev-sec.io page and the READMEs to be updated with the current state and goals of the project.
I would like the documentation to state if the project follows CIS benchmark. If it doesn't follow CIS recommendations, then why not?
I would like the variables and other lists to be alphabetically sorted in the documentation and configuration files so that they can be easily found.
Additional context
I am happy that this project exists and is free. I have saved a lot of time by using it instead of creating my own hardening from nothing.