We have an ansible role that applies the CIS Distro Independent Linux 2 baseline when we launch new machines. We also have an ansible tower workflow for regularly scheduled patching. At the end of the patching workflow we again run the CIS baseline role to ensure we are maintaining compliance with our secure configuration baseline.
stop machine -> snapshot -> start machine -> patch -> reboot -> test -> snapshot -> secure config -> reboot if patching fails we revert to the starting snapshot. if secure config fails we revert to the post-test snapshot. All of this is done via ansible automation platform. Walter -- Walter Rowe, Division Chief Infrastructure Services, OISM Mobile: 202.355.4123 On Jun 27, 2023, at 3:11 PM, John Petro <jcpe...@johnpetro.com> wrote: Good Afternoon, I was wondering what you all are doing to manage configuration drift. Are you having ansible fix the drift, are you having it notify you of the drift, or are you doing something else. At work, we are preparing to start having some conversations about what we want to do, and I thought this information from you all might be helpful in our journey. Thanks for your time!! ---john -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com<mailto:ansible-project+unsubscr...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPAjob9NsjTGPNa_J8oeBbfZQOHjjqy7ELd6eHhodbHuTykkrQ%40mail.gmail.com<https://groups.google.com/d/msgid/ansible-project/CAPAjob9NsjTGPNa_J8oeBbfZQOHjjqy7ELd6eHhodbHuTykkrQ%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/74E8295F-0895-4DF2-9CF2-1C363FD92C38%40nist.gov.
