Install screen and ssh client/server

This patch ensures that screen and ssh packages are installed. It fulfills the requirmeents of these two STIGs: * RHEL-07-010072 * RHEL-07-040260 Implements: blueprint security-rhel7-stig Change-Id: Id30d586bfff8b34554195845a565d491c2ac76e2
2016-11-04 13:51:04 -05:00 · 2016-11-04 13:51:04 -05:00 · 9d74dbd915
commit 9d74dbd915
parent 1f557eb3f7
5 changed files with 26 additions and 6 deletions
--- a/doc/metadata/rhel7/RHEL-07-010072.rst
+++ b/doc/metadata/rhel7/RHEL-07-010072.rst
@ -1,7 +1,7 @@
 ---
 id: RHEL-07-010072
-status: not implemented
-tag: misc
+status: implemented
+tag: packages
 ---

-This STIG requirement is not yet implemented.
+The role will ensure that the ``screen`` package is installed.
--- a/doc/metadata/rhel7/RHEL-07-040260.rst
+++ b/doc/metadata/rhel7/RHEL-07-040260.rst
@ -1,7 +1,11 @@
 ---
 id: RHEL-07-040260
-status: not implemented
-tag: misc
+status: implemented
+tag: packages
 ---

-This STIG requirement is not yet implemented.
+The STIG requires that every system has an ssh client and server installed. The
+role installs the following packages:
+
+* CentOS: ``openssh-clients``, ``openssh-server``
+* Ubuntu: ``openssh-client``, ``openssh-server``
--- a/tasks/rhel7stig/packages.yml
+++ b/tasks/rhel7stig/packages.yml
@ -31,9 +31,11 @@
    - auth
    - packages
    - services
+    - RHEL-07-010072
    - RHEL-07-021910
    - RHEL-07-020000
    - RHEL-08-020010
+    - RHEL-07-040260
    - RHEL-07-040500
    - RHEL-07-040560

@ -55,8 +57,10 @@
    - auth
    - packages
    - services
+    - RHEL-07-010072
    - RHEL-07-021910
    - RHEL-07-020000
    - RHEL-08-020010
+    - RHEL-07-040260
    - RHEL-07-040500
    - RHEL-07-040560
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@ -86,6 +86,12 @@ stig_packages:

 # RHEL 7 STIG: Packages to add/remove
 stig_packages_rhel7:
+  - packages:
+      - openssh-client
+      - openssh-server
+      - screen
+    state: "{{ security_package_state }}"
+    enabled: True
  - packages:
      - rsh-server
    state: absent
--- a/vars/ubuntu.yml
+++ b/vars/ubuntu.yml
@ -90,6 +90,12 @@ stig_packages:

 # RHEL 7 STIG: Packages to add/remove
 stig_packages_rhel7:
+  - packages:
+      - openssh-clients
+      - openssh-server
+      - screen
+    state: "{{ security_package_state }}"
+    enabled: True
  - packages:
      - rsh-server
    state: absent