
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions.

Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
26 lines
678 B
ReStructuredText
---
id: V-72269
status: implemented
tag: misc
---

The tasks in the security role make the following changes on each host:

* The ``chrony`` package is installed.
* The service (``chronyd`` on Red Hat, CentOS, SLE and openSUSE Leap,
  ``chrony`` on Ubuntu) is started and enabled at boot time.
* A configuration file template is deployed that includes ``maxpoll 10`` on
  each server line.

Deployers can opt out of these changes by setting the following Ansible
variable:

.. code-block:: yaml

    security_rhel7_enable_chrony: no

.. note::

    Although the STIG mentions the traditional ``ntpd`` service, this role uses
    ``chrony``, which is a more modern implementation.
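
One way to confirm on a host that every ``server`` line in the deployed chrony configuration carries ``maxpoll 10``. This is an added example, not part of the role: the function name ``check_chrony_maxpoll``, the sample hostnames and the extra coverage of ``pool`` lines are assumptions made here.

```shell
#!/bin/sh
# Audit a chrony configuration file: every time-source line must carry "maxpoll 10".
# Prints each offending line as "<line number>: <text>"; returns 1 if any are found
# or if the file defines no time source at all.
check_chrony_maxpoll() {
    awk '
        # Skip blank lines and comment lines (chrony treats #, ;, % and ! as comment markers).
        NF == 0 { next }
        index("#;%!", substr($1, 1, 1)) > 0 { next }
        {
            # chrony directives are not case-sensitive, so compare in lower case.
            d = tolower($1)
            if (d != "server" && d != "pool") next   # "pool" is an assumption beyond the text
            sources++
            ok = 0
            # Field 2 is the hostname; options start at field 3.
            for (i = 3; i < NF; i++)
                if (tolower($i) == "maxpoll" && $(i + 1) == "10") ok = 1
            if (!ok) { printf "%d: %s\n", NR, $0; bad++ }
        }
        END {
            if (sources == 0) { print "no server lines found"; exit 1 }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample input, not taken from the template this role deploys.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed chrony.conf
server 0.pool.example.org iburst maxpoll 10
server 1.pool.example.org iburst
driftfile /var/lib/chrony/drift
EOF
check_chrony_maxpoll "$sample" || echo "non-compliant: $sample"
rm -f "$sample"
```

Point the function at the deployed file, typically ``/etc/chrony.conf`` on Red Hat and SUSE systems and ``/etc/chrony/chrony.conf`` on Ubuntu.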