Search Results

What This Page Covers This page walks through every directive in roles/ssh-baseline/templates/sshd_hardening.conf.j2 and explains how it lands on the target host. The deployed file is /etc/ssh/sshd_config.d/10-pbr-hardening.conf. The hardening is aligned wit...

Playbooks Overview The repository contains four playbooks under playbooks/: PlaybookPurposeChanges target? preflight.ymlVerify readiness; no changesNo ssh-baseline.ymlRun preflight then apply the baseline roleYes verify.ymlPost-deployment validationNo te...

Known Limitations & Accepted Risks LXC auditd compliance gap Affected hosts: pbr-graylog-kl1, pbr-thingsboard-kl1 Issue: auditd cannot run inside LXC containers. The kernel audit netlink interface is isolated from container namespaces. Forcing auditd to sta...