openstack/ansible-hardening
Code Issues Proposed changes

Merge "Re-adding the missing NTP default vars"

Browse Source
This commit is contained in:
Jenkins 2017-09-13 21:04:16 +00:00 committed by Gerrit Code Review
commit 66bbd87a85
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
defaults/main.yml
View File

@ -266,6 +266,14 @@ security_ntp_servers:
- 1.pool.ntp.org - 1.pool.ntp.org
- 2.pool.ntp.org - 2.pool.ntp.org
- 3.pool.ntp.org - 3.pool.ntp.org
# Chrony limits access to clients that are on certain subnets. Adjust the
# following subnets here to limit client access to chrony servers.
security_allowed_ntp_subnets:
- 10/8
- 192.168/16
- 172.16/12
# Listen for NTP requests only on local interfaces.
security_ntp_bind_local_interfaces_only: yes
# Restrict mail relaying. # Restrict mail relaying.
security_rhel7_restrict_mail_relaying: yes # V-72297 security_rhel7_restrict_mail_relaying: yes # V-72297
# Deploy a login banner. # V-72225 / V-71863 # Deploy a login banner. # V-72225 / V-71863

2
templates/chrony.conf.j2
View File

@ -98,7 +98,5 @@ rtconutc
# Listen for NTP requests only on local interfaces. # Listen for NTP requests only on local interfaces.
port 0 port 0
bindcmdaddress 127.0.0.1 bindcmdaddress 127.0.0.1
{% if not security_disable_ipv6 | bool %}
bindcmdaddress ::1 bindcmdaddress ::1
{% endif %} {% endif %}
{% endif %}