Getting Started with Lockdown Enterprise

We've combined our many decades of security baselining experience with our significant Ansible automation skills to create what we think is simply the best and most functional baseline automation content around.

Let's get automating (baselines)!

Before You Start

As with any Playbook that makes changes to a system, it may have undesired results on your system. Here are some steps and precautions you should take before getting started:


You need an Ansible control node with:

Making it Work For You

Variables and options

Lockdown Enterprise comes with a multitude of options that you can enable or disable as you wish. These can be highly tailored to your requirements using inventory and group variables. This can be utilized for different environment variables or system function.


This contains all the Boolean settings, that will command it to run or not. It also contains any variables you may wish to make specific to your needs.

CIS Examples (refer to README file for Playbook specifics):

Related rule checks

rhel8cis_rule_1_1_1_1: true


rhel8cis_section1: true


rhel8cis_dhcp_server: false

Type of system

rhel8cis_system_is_container: false

Environmental or OS specific

rhel8cis_selinux_disable: true
rhel8cis_ipv6_required: true
rhel8cis_time_Syncronization: chrony

Running the Playbook

As with any Playbook, locations may be different in your implementation.
For Example

ansible-playbook -l {{ limit hosts/groups if applicable }} -I {{ path to the inventory of servers you want to use }} {{ relative path to site.yml }}


The Playbook has many tag options to enable you to run adhoc without having to amend all the variables.
These can be listed as such:

ansible-playbook site.yml –list-tags


# Audit and patch the site    
   ansible-playbook site.yml --tags="patch"

Additional Resources

Call the Experts

Need more help? Our experts are ready and waiting to answer your questions.