They've got a red-team type process they apply repeatedly, you have to piece things together from the changelogs to get a grasp on what they're doing. They've built a positive feedback loop on which to iterate improvements in security, and bundled it in a way to be used effectively with Ansible.
They're following CIS guidelines, so if you're in a situation where that matters, it's probably a solid starting point for building things you need to have compliant and predictable. Could probably save weeks of effort, depending on the size of the team.
alt Hacker News
They've got a red-team type process they apply repeatedly, you have to piece things together from the changelogs to get a grasp on what they're doing. They've built a positive feedback loop on which to iterate improvements in security, and bundled it in a way to be used effectively with Ansible.
They're following CIS guidelines, so if you're in a situation where that matters, it's probably a solid starting point for building things you need to have compliant and predictable. Could probably save weeks of effort, depending on the size of the team.