Skip to content

Configure Filesystem Partitions #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Nov 4, 2025
Merged

Configure Filesystem Partitions #32

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b49d7cb
Configure Filesystem Partitions
Oct 10, 2025
0257926
Used vars in filesystem_partitions_al2.yaml
Shubhanshi-2123 Nov 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions tasks/amazon_linux.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
---
- name: Amazon Linux 2 | Configure Filesystem Partitions
include_tasks: configure_filesystem_partitions_al2.yaml
23 changes: 23 additions & 0 deletions tasks/configure_filesystem_partitions_al2.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
---
- name: Configure /tmp partition security options
mount:
path: /tmp
src: tmpfs
fstype: tmpfs
opts: "{{ item.opts }}"
state: mounted
loop: "{{ tmp_mount_options }}"
loop_control:
label: "{{ item.name }}"

- name: Configure /dev/shm partition security options
mount:
path: /dev/shm
src: tmpfs
fstype: tmpfs
opts: "{{ item.opts }}"
state: mounted
loop: "{{ shm_mount_options }}"
loop_control:
label: "{{ item.name }}"

12 changes: 8 additions & 4 deletions tasks/main.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,18 @@
- name: Include CIS Stage Specific vars
include_vars: cis-{{ cis_Stage }}.yaml

- name: Debian realted Specification
- name: Debian related Specification
include_tasks: configure_Debian.yaml
when:
ansible_os_family == 'Debian'

- name: Centos realted Specification
- name: CentOS related Specification
include_tasks: configure_RedHat.yaml
when:
ansible_os_family == 'RedHat'
when: ansible_os_family == 'RedHat' and ansible_distribution != 'Amazon'

- name: Amazon Linux 2 related Specification
include_tasks: amazon_linux.yaml
when: ansible_distribution == 'Amazon'

# - name: Special purpose services
# include_tasks: services.yaml
Expand All @@ -35,3 +38,4 @@

# - name: Ensure dccp and sctp is disabled
# include_tasks: network_protocol_and_unusedFilesystem.yaml

15 changes: 15 additions & 0 deletions vars/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,3 +88,18 @@ os_services_name: ['avahi-daemon', 'slapd', 'named', 'cups', 'telnet', 'discard-
# aide cronjob configuration
minute_aide_cronjob: '0'
hour_aide_cronjob: '5'

# configure filesystem partitions for al2
tmp_mount_options:
- { name: "Ensure /tmp is a separate partition", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
- { name: "Ensure nodev option set on /tmp", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
- { name: "Ensure nosuid option set on /tmp", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
- { name: "Ensure noexec option set on /tmp", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }

shm_mount_options:
- { name: "Ensure /dev/shm is a separate partition", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
- { name: "Ensure nodev option set on /dev/shm", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
- { name: "Ensure nosuid option set on /dev/shm", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
- { name: "Ensure noexec option set on /dev/shm", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }