The dev-sec/ansible-collection-hardening repository is an Ansible collection that provides hardening configurations for Linux operating systems, SSH, nginx, and MySQL. Written primarily in Jinja, the collection consolidates multiple hardening roles into a single installable package designed to meet security baselines established by the DevSec project. The collection requires Ansible version 2.16 or later and is distributed under the Apache License 2.0.
The collection supports hardening across a broad range of operating systems and software versions. For Linux distributions, it covers CentOS Stream 9, AlmaLinux 8/9/10, Rocky Linux 8/9/10, Debian 11/12/13, Ubuntu 22.04/24.04/26.04, Amazon Linux, Arch Linux, Fedora 42/43/44, and Suse Tumbleweed with varying levels of support. Database support includes MySQL versions 5.7.31 and later, MySQL 8.0.3 and later, and MariaDB versions 5.5.65 and later, 10.1.45 and later, and 10.3.17 and later. Nginx hardening is available for version 1.0.16 and later, while SSH hardening supports OpenSSH 5.3 and later.
The collection includes four primary roles: os_hardening for Linux operating system hardening, mysql_hardening for database security, nginx_hardening for web server configuration, and ssh_hardening for secure shell access. Two additional roles, apache_hardening and windows_hardening, are listed as in-progress and not yet functional. The hardening configurations are designed to be compliant with the Inspec DevSec Baselines, which provide standardized security benchmarks for Linux systems, MySQL databases, nginx servers, and SSH configurations.
The repository represents a consolidation of previously standalone roles. The os_hardening role was previously maintained as a separate repository with its last standalone release at version 6.2.0, while apache_hardening, mysql_hardening, nginx_hardening, ssh_hardening, and windows_hardening are now maintained in separate archive repositories. This restructuring into a unified collection simplifies installation and management through the ansible-galaxy package manager.
Activity tracking shows the collection maintains active development and maintenance. GitGenius data reveals a median issue and pull request response latency of 0.0 hours with a mean of 5116.4 hours across 61 tracked items, indicating responsive handling of community contributions despite occasional longer resolution times. The most active issue labels are bug with 32 occurrences, enhancement with 20 occurrences, and ssh_hardening with 4 occurrences. Primary contributors include schurzi with 50 tracked events, rndmh3ro with 32 events, and jobetinfosec with 8 events. The repository's contributor base overlaps with major open-source projects including microsoft/vscode, microsoft/typescript, and rust-lang/rust, suggesting involvement from experienced infrastructure and security professionals.
The collection's roadmap includes expanding apache_hardening and windows_hardening functionality and adding support for additional operating systems. Installation is straightforward through the ansible-galaxy command, and users can reference role-specific documentation for implementation examples. The project maintains a contributor guideline and changelog to support community participation and track changes across releases.