How lsa.nis2 is structured
lsa.nis2is delivered as an Ansible Collection, not a single role.
Core
- Profile resolution
- Default policies
- Module orchestration
- Evidence generation
- No heavy system changes
Modules (Roles)
Each security aspect is implemented as an independent module, for example:
- Inventory & system facts
- SSH posture
- Patch posture
- Time synchronization
- Local logging
- Fail2ban
- Firewall (opt-in)
- Central logging (opt-in)
Profiles
Profiles define sensible defaults, not rigid rules:
basesshwebmaildb
All profiles can be overridden per tenant, environment, or host.