openstack/ansible-hardening

Go to file

Marc Gariepy 3c632174e9 Change default prohibit root sshd password auth

Change-Id: Ib195041cd84bafa0cc7ca1d2ca42041618ce181d

2017-08-16 14:05:18 +00:00

Change default prohibit root sshd password auth

2017-08-16 14:05:18 +00:00

Change default prohibit root sshd password auth

2017-08-16 14:05:18 +00:00

Add support for the openSUSE Leap distributions

2017-06-27 15:43:53 +01:00

Do not update grub if grub not used

2017-04-13 12:34:22 +00:00

Verify password age limits [+Docs]

2016-12-08 09:44:23 -06:00

Correct the list of supported OS versions

2017-06-28 15:51:05 -05:00

Change default prohibit root sshd password auth

2017-08-16 14:05:18 +00:00

Manually check apparmor_status

2017-08-16 09:02:42 -05:00

[Docs] Replace security role references

2017-06-12 18:59:28 +00:00

Add equalto Jinja2 test for EL7

2017-06-30 09:13:16 -05:00

Sync test files with the openstack-ansible-tests repository

2017-06-27 13:25:35 +01:00

Install libpam-pwquality on Ubuntu

2017-07-12 14:40:05 -05:00

.gitignore

Sync test files with the openstack-ansible-tests repository

2017-06-27 13:25:35 +01:00

.gitreview

Fix .gitreview

2017-05-30 18:27:52 +00:00

bindep.txt

Manually check apparmor_status

2017-08-16 09:02:42 -05:00

LICENSE

Initial import of openstack-ansible-security role

2015-10-07 07:27:39 -05:00

manual-test.rc

Use centralised test scripts

2016-09-28 12:16:50 +01:00

README.md

Correct the list of supported OS versions

2017-06-28 15:51:05 -05:00

README.rst

[Docs] Replace security role references

2017-06-12 18:59:28 +00:00

run_tests.sh

Manually check apparmor_status

2017-08-16 09:02:42 -05:00

setup.cfg

[Docs] Replace security role references

2017-06-12 18:59:28 +00:00

setup.py

Updated from global requirements

2017-03-02 11:52:32 +00:00

test-requirements.txt

Updated from global requirements

2017-07-15 12:08:54 +00:00

tox.ini

Merge "Ensure that role tests pin pip/setuptools/wheel"

2017-06-13 06:55:30 +00:00

Vagrantfile

Manually check apparmor_status

2017-08-16 09:02:42 -05:00

README.md

ansible-hardening

The ansible-hardening role applies security hardening configurations from the Security Technical Implementation Guide (STIG) to systems running the following distributions:

CentOS 7
Debian Jessie
Fedora 25
openSUSE Leap 42.2 and 42.3
Red Hat Enterprise Linux 7
SUSE Linux Enterprise 12 (experimental)
Ubuntu 14.04 (deprecated)
Ubuntu 16.04

For more details, review the ansible-hardening documentation.

Requirements

This role can be used with or without OpenStack-Ansible. It requires Ansible 2.3 or later.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - ansible-hardening

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

Ubuntu 14.04
Ubuntu 16.04
CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.