openstack/ansible-hardening
Code Issues Proposed changes
859 Commits 7 Branches 148 Tags
5f21204aea3b1152c5490029508b40cc2dbdeec7
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
OpenStack Release Bot 5f21204aea Update reno for stable/queens 
Change-Id: I19151e262ddb40eb048d4b0164df7c0d43b4fceb
2018-02-14 15:44:18 +00:00
defaults
Merge "Add scaffolding for contrib tasks"
2017-12-01 14:16:46 +00:00
doc
Merge "Add scaffolding for contrib tasks"
2017-12-01 14:16:46 +00:00
files
Add support for the openSUSE Leap distributions
2017-06-27 15:43:53 +01:00
handlers
Always quote the filesystem permissions
2017-11-08 10:56:07 -06:00
library
Verify password age limits [+Docs]
2016-12-08 09:44:23 -06:00
meta
Add role maturity metadata to ansible-hardening
2017-11-03 13:50:50 +00:00
releasenotes
Update reno for stable/queens
2018-02-14 15:44:18 +00:00
tasks
Move aide db when needed
2018-02-06 12:39:14 -06:00
templates
Fix the path of chrony.keys
2017-12-22 10:01:58 +08:00
test_plugins
Add equalto Jinja2 test for EL7
2017-06-30 09:13:16 -05:00
tests
Merge "Add scaffolding for contrib tasks"
2017-12-01 14:16:46 +00:00
vars
tasks: auth: Pass --unrestricted to Linux Grub2 entries
2018-01-10 16:50:19 +00:00
zuul.d
Zuul: Remove project name
2018-02-05 11:57:31 -08:00
.gitignore
Sync test files with the openstack-ansible-tests repository
2017-06-27 13:25:35 +01:00
.gitreview
Fix .gitreview
2017-05-30 18:27:52 +00:00
bindep.txt
Updated from OpenStack Ansible Tests
2017-12-06 00:07:09 +00:00
LICENSE
Initial import of openstack-ansible-security role
2015-10-07 07:27:39 -05:00
manual-test.rc
Use centralised test scripts
2016-09-28 12:16:50 +01:00
README.md
Queens doc updates + removal of RHEL 6 STIG
2017-09-12 08:19:54 -06:00
README.rst
[Docs] Replace security role references
2017-06-12 18:59:28 +00:00
run_tests.sh
Updated from OpenStack Ansible Tests
2017-11-10 13:18:58 +00:00
setup.cfg
[Docs] Replace security role references
2017-06-12 18:59:28 +00:00
setup.py
Updated from global requirements
2017-03-02 11:52:32 +00:00
test-requirements.txt
Updated from global requirements
2018-01-24 00:48:49 +00:00
tox.ini
Queens doc updates + removal of RHEL 6 STIG
2017-09-12 08:19:54 -06:00
Vagrantfile
Updated from OpenStack Ansible Tests
2018-01-22 16:58:12 +00:00

README.md

ansible-hardening

ansible-hardening-logo

The ansible-hardening role applies security hardening configurations from the Security Technical Implementation Guide (STIG) to systems running the following distributions:

  • CentOS 7
  • Debian Jessie
  • Fedora 26
  • openSUSE Leap 42.2 and 42.3
  • Red Hat Enterprise Linux 7
  • SUSE Linux Enterprise 12 (experimental)
  • Ubuntu 16.04

For more details, review the ansible-hardening documentation.

Requirements

This role can be used with or without OpenStack-Ansible. It requires Ansible 2.3 or later.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - ansible-hardening

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

  • Ubuntu 16.04
  • CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.

View Git Blame Copy Permalink
Description
Ansible role for security hardening
Readme 5.6 MiB
Languages
Jinja 51.9%
Python 47.9%
Shell 0.2%