{"id":21696548,"url":"https://github.com/madetech/linux-compliance-playbook","last_synced_at":"2026-05-18T17:40:48.642Z","repository":{"id":44892210,"uuid":"498254267","full_name":"madetech/linux-compliance-playbook","owner":"madetech","description":"An Ansible Playbook to assist with Cyber Essentials Plus compliance on Linux","archived":false,"fork":false,"pushed_at":"2023-04-13T14:19:38.000Z","size":10,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":22,"default_branch":"main","last_synced_at":"2025-03-20T14:53:25.642Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/madetech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-31T08:41:18.000Z","updated_at":"2022-05-31T09:30:28.000Z","dependencies_parsed_at":"2025-03-20T14:48:35.047Z","dependency_job_id":"9ef41298-c0bc-42ce-b1f1-d76f5e0ca886","html_url":"https://github.com/madetech/linux-compliance-playbook","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/madetech/linux-compliance-playbook","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madetech%2Flinux-compliance-playbook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madetech%2Flinux-compliance-playbook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madetech%2Flinux-compliance-playbook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madetech%2Flinux-compliance-playbook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/madetech","download_url":"https://codeload.github.com/madetech/linux-compliance-playbook/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madetech%2Flinux-compliance-playbook/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33186223,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-18T09:27:30.708Z","status":"ssl_error","status_checked_at":"2026-05-18T09:27:28.300Z","response_time":71,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-25T19:20:24.379Z","updated_at":"2026-05-18T17:40:48.612Z","avatar_url":"https://github.com/madetech.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Linux Compliance Playbook\n\nThis playbook (in development) is intended to set up our Linux workstations\nfor compliance with Cyber Essentials Plus (as detailed \n  [here](https://docs.google.com/document/d/13_Je82eCpPU2qZgYINxDYX9OxRrVemdixj8yD4IFH8s)\n), as far as possible.\n\n## Requirements\n\n| Requirement | Ubuntu 20.04 | Ubuntu 22.04 | Fedora\n|-|-|-|-\n| Full Disk Encryption\n| Automatic Updates (security) | D | D | D\n| Password Policy\n| Account Lockout\n| Firewall\n| Disable Autorun | | | D\n| VPN\n| Antivirus\n| DriveStrike\n\n|Level | Description | Code\n|-|-|-\n|Compliant by default | This item just needs you to not turn it off during install | D\n|Verified | This item is verified to be compliant by the Ansible playbook | V\n|Installed/Configured | This item is actually installed or configured by the Ansible playbook | C\n|Planned | We plan to do this | [empty cell]\n|Not Planned | We have decided this is too much trouble for now | NP\n\nIdeally we should be able to fill the whole table with `VC`.\n\nPractically : we presently have less than 20 Linux users. It would be best to\nidentify the most time-consuming and error prone aspects of the setup required,\nand sort those out first.\n\nConfig changes should not be disturbed by package updates (if possible, avoid\ntouching config files provided as part of the package, e.g. use config.d/ folders\nto supplment config, or where softlinks are used, supply new config and relink\nto them).\n\n## Priority\n\n- Most of our users are on Ubuntu (Debian), so prioritise that first\n- Prioritise things that are important\n- Prioritise things that are fiddly to set up (and thus error prone)\n\n### 1. Full Disk Encryption\n\nSince this is \"the most important step\", and relatively easy to verify, this\nshould be done early.\n\n### 2. Password Policy\n\nAnother important one that is relatively easy to configure.\n\n### 3. Account Lockout\n\nThe instructions as presented in the guide will disable your system if you don't\nhave the (deprecated) `pam_tally2` module, so anyone upgrading from 20.04 or\nfollowing the instructions for 22.04 will find themselves unable to log in.\n\nFixing this would be nice.\n\n### 4. Antivirus\n\nCurrently : SentinelOne\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmadetech%2Flinux-compliance-playbook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmadetech%2Flinux-compliance-playbook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmadetech%2Flinux-compliance-playbook/lists"}