Ansible is an incredibly powerful tool that lends itself well to the implementation and auditing of security benchmarks such as the CIS security benchmark. We have demonstrated through practical example how it can reduce a shell script of nearly 60 lines down to less than 20, and how the same code can be easily reused in a variety of scenarios, and even be used to audit security policies across the enterprise. 

In this chapter, you learned how to write Ansible playbooks to apply server hardening benchmarks such as CIS. You then gained hands-on knowledge of applying server hardening policies across the enterprise using Ansible, and how to make use of publicly available open source roles to assist you in this. Finally, you learned about how Ansible supports testing and auditing of successful policy application.

In the next chapter, we will look at an open source tool called OpenSCAP that can be used to perform effective auditing of security policies across the enterprise.