new layout

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-27 23:43:06 +00:00 · 2022-04-28 17:28:50 +01:00 · 2022-04-28 17:28:50 +01:00 · f36d608335
commit f36d608335
parent 2585cda7bc
8 changed files with 371 additions and 53 deletions
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@ -2,69 +2,72 @@
 Automated security hardening for Linux hosts with Ansible
 =========================================================

-.. image:: https://secure.travis-ci.org/MindPointGroup/RHEL7-STIG.svg?branch=devel
-   :alt: Build Status Badge
-   :target: https://travis-ci.org/MindPointGroup/RHEL7-STIG
+What is security hardening?
+---------------------------

-.. raw:: html
+The content delivered is based upon either one of the two major contributors to the security best practices in the IT industry.

-    <p><iframe src="https://ghbtns.com/github-btn.html?user=MindPointGroup&repo=RHEL7-STIG&type=watch&count=true&size=large&v=2"
-    allowtransparency="true" frameborder="0" scrolling="0" width="200px" height="35px"></iframe></p>
+- Center for Internet Security (CIS): https://www.cisecurity.org/cis-benchmarks/
+  - A global IT community of experts helping to build, document sets of benchmarks to produce industry best security practices

-What does the role do?
+or
+
+- Security Technical Implementation Guide (STIG): https://public.cyber.mil/stigs/downloads/
+  - From the Defense Information Systems Agency (DISA) 
+  - The STIG is released with a public domain license and it is commonly used to secure systems at public and private organizations around the world.
+
+Both are well known and respected benchmarks created for the industry to assist in achieving recognised compliance (e.g. PCI DSS, HIPAA, SOC2, NIST) and adopting security best practices.
+
+
+What is provided?
+-----------------
+
+The content provided is open source licensed configurations to assist in achieving or auditing compliance to one of the benchmark providers listed above.
+
+This consists of two components
+
+- Audit
+- Remediate
+
+Both can be run alone or inconjunction with each other.
+
+What do the roles do?
 ----------------------
-This role uses the |benchmark_name| `Security Technical Implementation Guide (STIG)`_ guidance 
-from the `Defense Information Systems Agency (DISA)`_. The STIG is released with a 
-public domain license and it is commonly used to secure systems at public and private
-organizations around the world.

-We analyze each configuration hardening item from the applicable STIG benchmark
-to determine what impact it has on a live production environment and how to
-best implement it using Ansible. Tasks are added to the role that configure a host
-to meet the configuration requirements. Each task is documented to explain what was
-changed, why it was changed, and what deployers need to understand about the change.
+- Audit 
+  - runs a small single binary on the system written in go called goss: http://goss.rocks
+  - enables you to very quickly scan your host and output the status of compliance for your host.

-Deployers have the option to enable/disable STIG items that do not suit their environments
-needs. Each STIG item has an associated variable that can be used to switch it on or off.
-Additionally, the items that have configurable values, i.e. number of password attempts, will
-generally have a corresponding variable that allows for customization of the applied value.
-It is imperative for each deployer to understand the regulations and compliance requirements
-that their organization and specific environments are responsible for meeting in order to
-effeectively implement the controls in the |benchmark_name_short| STIG.
+- Remediate
+  - Ability to run from a central location using the configuration management tool ansible
+  - Assists in bringing your host into compliance for the relevant benchmark
+
+
+How do we do this?
+------------------
+
+We analyze each configuration control from the applicable benchmark to determine what impact it has on a live production environment and how to
+best implement a way to audit the current configuration and how to achieve those requirements using Ansible. 
+Tasks are added to the role that configure a host to meet the configuration requirements. Each task is documented to explain what was changed, why it was changed, and what deployers need to understand about the change.
+
+Deployers have the option to enable/disable every control that does not suit their environments needs. 
+Every control item has an associated variable that can be used to switch it on or off.
+
+Additionally, the items that have configurable values, i.e. number of password attempts, will generally have a corresponding variable that allows for customization of the applied value.
+It is imperative for each deployer to understand the regulations and compliance requirements that their organization and specific environments are responsible for meeting in order to effeectively implement the controls in the relevant benchmark.

-.. _Security Technical Implementation Guide (STIG): http://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx
-.. _Defense Information Systems Agency (DISA): http://www.disa.mil/

 Documentation
 -------------

-The following documentation applies to the devel branch and is currently under
-active development. Documentation for the latest stable and previous stable
-releases will be generated and available once the first stable release is cut.
+Documentation is split in the two categories

 .. toctree::
   :maxdepth: 2
+   audit
+   remediate

-   getting-started.rst
-   customization.rst
-   controls.rst
-   controls-contrib.rst
-   developer-guide.rst
-   faq.rst
-
-Releases
--------
-
-devel
-~~~~~~
-
-* **Status:** Active development
-
-* **STIG Version:**
-  |benchmark_name_short| |stig_version| *(Published on* |stig_release_date| *)*
-
-* **Supported Operating Systems:**
-
-  * Red Hat Enterprise Linux 7
-  * CentOS 7
-
+Content list
+------------
+.. code-block: txt
+  .. include:: benchmarks.rst