f422da8599
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions. Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
678 B
678 B
---id: V-72269 status: implemented tag: misc ---
The tasks in the security role make the following changes on each host:
- The
chronypackage is installed. - The service (
chronydon Red Hat, CentOS, SLE and openSUSE Leap,chronyon Ubuntu) is started and enabled at boot time. - A configuration file template is deployed that includes
maxpoll 10on each server line.
Deployers can opt out of these changes by setting the following Ansible variable:
security_rhel7_enable_chrony: noNote
Although the STIG mentions the traditional ntpd service,
this role uses chrony, which is a more modern
implementation.