bfcf6c7423
This role contains around 150 controls from the 270+ controls that exist in the RHEL 6 STIG. New controls are still being added. Implements: blueprint security-hardening Change-Id: I0578f86bf42d55242bc72b97b40a5935a3cb18d6
16 lines
632 B
ReStructuredText
16 lines
632 B
ReStructuredText
Although the STIG recommends disabling root logins via ssh, the default in
|
|
this role is to allow it. The openstack-ansible deployment uses the root
|
|
user by default at this time, but that may change later and allow for this
|
|
configuration to be set.
|
|
|
|
To disallow root logins via ssh, simply adjust this configuration variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
ssh_permit_root_login = 'no'
|
|
|
|
**NOTE:** The quotes around ``'no'`` or ``'yes'`` are very important. Ansible
|
|
will treat ``no`` and ``yes`` as booleans by default and that will cause a
|
|
``True`` to land in your sshd configuration file. This will causes errors
|
|
during sshd's startup.
|