add role skeleton and autogen task skeleton

.gitignore

@@ -0,0 +1,3 @@
+*.swp
+.DS_Store
+*test*

LICENSE

@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2015     MindPoint Group http://www.mindpointgroup.com
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,91 @@
+RHEL 6 DISA STIG
+================
+
+Configure RHEL 6 machine to be DISA STIG compliant. CAT I findings will be corrected by default. CAT II and CAT III findings can be corrected by setting the appropriate variable to enable those playbooks.
+
+This role **will make changes to the system** that could break things. This is not an auditing tool but rather a remediation tool to be used after an audit has been conducted.
+
+The role tries to be helpful and pause to let you know it found something. You can disable this behaviour if you want to run it unattended by setting `rhel6stig_fullauto` to `true`.
+
+## IMPORTANT INSTALL STEP
+
+If you want to install this via the `ansible-galaxy` command you'll need to run it like this: 
+
+`ansible-galaxy install -p roles nousdefions.STIG-RHEL6,devel`
+
+Based on [Red Hat Enterprise Linux 6 STIG Version 1 Release 6 - 2015-01-23](http://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx).
+
+Inspiration and some config files taken from [RedHatGov](https://github.com/RedHatGov) [stig-fix-el6](https://github.com/RedHatGov/stig-fix-el6).
+
+This repo originated from work done by [Sam Doran](https://github.com/samdoran/ansible-role-stig)
+
+Requirements
+------------
+
+You should carefully read through the tasks to make sure these changes will not break your systems before running this playbook.
+
+Role Variables
+--------------
+There are many role variables defined in defaults/main.yml. This list shows the most important.
+
+**rhel6stig_cat1**:           Correct CAT I findings (Default: true)
+
+**rhel6stig_cat2**:           Correct CAT II findings (Default: false)
+
+**rhel6stig_cat3**:           Correct CAT III findings (Default: false)
+
+**rhel6stig_fullauto**:       Run the role without pausing (Default: true)
+
+**rhel6stig_use_dhcp**:       Whether the system should use DHCP or Static IPs. **Setting this false is dangerous.** (Default: true)
+
+**rhel6stig_system_is_router** Whether on not the target system is acting as a router. Disables settings that would break the system if it is a acting as a router. (Default: false)
+
+**rhel6stig_root_email_address**:          Address where system email is sent (Default: [email protected])
+
+**rhel6stig_xwindows_required**:           Whether or not X Windows is is use on taregt systems. Disables some changes if X Windows is not in use. (Default: false)
+
+**rhel6stig_ipv6_in_use**       Whether or not ipv6 is in use of the target system. This is set automatically to 'true' if ipv6 is found to be in use. (Default: false)
+
+**rhel6stig_tftp_required**  Whether or not TFTP is required. This will prevent the removal of `tftp` and `tftp-server` packages. It will also  reconfigure the `tftp-server` to run securely. (Default: false)
+Dependencies
+
+**rhel6stig_change_grub_password**: Whether or not to update the grub password even if a hash already exists in `/boot/grub/grub.conf`. (Default: false)
+
+**rhel6stig_bootloader_password**: The new grub password to use if rhel6stig_change_grub_password is **TRUE** (Default: randomly generated and encrypted string)
+
+
+Dependencies
+------------
+
+Ansible > 1.8
+
+Example Playbook
+-------------------------
+
+Make sure to include the vars_prompt section in your playbook. It is needed for the tasks that set the grub password.
+
+    - hosts: servers
+      sudo: yes
+
+      roles:
+         - { role: RHEL6-STIG, rhel6stig_cat1: true, rhel6stig_cat2: true, rhel6stig_cat3: false }
+
+
+Tags
+----
+Many tags are available for precise control of what is and is not changed. When running this playbook with tags, always include the `prelim_tasks` tag. This will run all the setup tasks that gather information and set variables used by subsequest tasks. If run without `prelim_tasks`, certain tasks may fail.
+
+Some examples of using tags:
+
+    # Only remediate ssh
+    ansible-playbook site.yml --tags="prelim_tasks,ssh"
+
+    # Don't change SNMP or postfix
+    ansible-playbook site.yml --skip-tags="postfix,mail,snmp"
+
+
+License
+-------
+
+MIT
+

defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for RHEL7-CIS

handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for RHEL7-CIS

meta/main.yml

@@ -0,0 +1,126 @@
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #  - 21
+  #  - 22
+  #- name: Windows
+  #  versions:
+  #  - all
+  #  - 2012R2
+  #- name: SmartOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #  - utopic
+  #  - vivid
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - jessie
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is
+    # a keyword that describes and categorizes the role.
+    # Users find roles by searching for tags. Be sure to
+    # remove the '[]' above if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of
+    # alphanumeric characters. Maximum 20 tags per role.
+dependencies: []
+  # List your role dependencies here, one per line.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.

tasks/main.yml

@@ -0,0 +1,28 @@
+---
+# tasks file for RHEL7-CIS
+- include: section1.yml
+  when: rhel7cis_section1
+
+- include: section2.yml
+  when: rhel7cis_section2
+
+- include: section3.yml
+  when: rhel7cis_section3
+
+- include: section4.yml
+  when: rhel7cis_section4
+
+- include: section5.yml
+  when: rhel7cis_section5
+
+- include: section6.yml
+  when: rhel7cis_section6
+
+- include: section7.yml
+  when: rhel7cis_section7
+
+- include: section8.yml
+  when: rhel7cis_section8
+
+- include: section9.yml
+  when: rhel7cis_section9