openstack/ansible-hardening
Code Issues Proposed changes
Ansible role for security hardening
745 Commits 10 Branches 141 Tags 5.4 MiB
Jinja 44.5%
Python 41.2%
Shell 14.3%
875f635ab4
Go to file
Major Hayden 875f635ab4 [Docs] Overhaul STIG by tag docs 
This patch gets rid of the old "special notes" section that was a
dead-end in the documentation and replaces it with a brief header
followed by a dynamically-generated list of tag-specific
documentation. All of this sits underneath the "Hardening Domains"
section.

It also splits the "Deviations" documentation into its own section
because it's quite important for a deployer to review.

The patch also includes a link to video/slides from the Boston
Summit, which provided the latest updates for the project and some
background on how everything fits together.

Change-Id: I1a5e78733c301335fe1bcfcee36cc146d690b841
2017-06-13 06:33:16 +00:00
defaults Actually set min/max password lifetime for account 2017-06-13 06:32:47 +00:00
doc [Docs] Overhaul STIG by tag docs 2017-06-13 06:33:16 +00:00
files [Docs] Replace security role references 2017-06-12 18:59:28 +00:00
handlers Do not update grub if grub not used 2017-04-13 12:34:22 +00:00
library Verify password age limits [+Docs] 2016-12-08 09:44:23 -06:00
meta Adjust readme/meta for Ansible 2.3 2017-04-20 10:08:05 -05:00
releasenotes Add release note for password lifetime patches 2017-06-13 06:33:04 +00:00
tasks Actually set min/max password lifetime for account 2017-06-13 06:32:47 +00:00
templates [Docs] Replace security role references 2017-06-12 18:59:28 +00:00
tests Actually set min/max password lifetime for account 2017-06-13 06:32:47 +00:00
vars Get a list of all users + interactive users 2017-06-13 06:32:17 +00:00
.gitignore [Docs] Overhaul STIG by tag docs 2017-06-13 06:33:16 +00:00
.gitreview Fix .gitreview 2017-05-30 18:27:52 +00:00
bindep.txt Initial Fedora 25 support 2017-05-31 13:33:34 +00:00
LICENSE Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
manual-test.rc Use centralised test scripts 2016-09-28 12:16:50 +01:00
README.md [Docs] Replace security role references 2017-06-12 18:59:28 +00:00
README.rst [Docs] Replace security role references 2017-06-12 18:59:28 +00:00
run_tests.sh Initial Fedora 25 support 2017-05-31 13:33:34 +00:00
setup.cfg [Docs] Replace security role references 2017-06-12 18:59:28 +00:00
setup.py Updated from global requirements 2017-03-02 11:52:32 +00:00
test-requirements.txt Updated from global requirements 2017-05-17 03:55:45 +00:00
tox.ini [Docs] Overhaul STIG by tag docs 2017-06-13 06:33:16 +00:00
Vagrantfile Add support for Xenial and CentOS 7 to the Vagrantfile 2016-06-14 16:18:22 -04:00

README.md

ansible-hardening

The ansible-hardening role applies security hardening configurations from the Security Technical Implementation Guide(STIG) to systems running the following distributions:

  • CentOS 7
  • Debian Jessie (experimental)
  • Ubuntu 14.04 (deprecated)
  • Ubuntu 16.04
  • Red Hat Enterprise Linux 7

For more details, review the ansible-hardening documentation.

Requirements

This role can be used with or without OpenStack-Ansible. It requires Ansible 2.3 or later.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - ansible-hardening

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

  • Ubuntu 14.04
  • Ubuntu 16.04
  • CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.