| ▲ | yjftsjthsd-h 10 hours ago | |
"battle tested" how? Widely deployed? Red teamed and shown to actually help? | ||
| ▲ | observationist 6 hours ago | parent [-] | |
They've got a red-team type process they apply repeatedly, you have to piece things together from the changelogs to get a grasp on what they're doing. They've built a positive feedback loop on which to iterate improvements in security, and bundled it in a way to be used effectively with Ansible. They're following CIS guidelines, so if you're in a situation where that matters, it's probably a solid starting point for building things you need to have compliant and predictable. Could probably save weeks of effort, depending on the size of the team. | ||