openstack/ansible-hardening
Code Issues Proposed changes
1,027 Commits 6 Branches 147 Tags
694ae029109afecd3f67096370bce68959d63ec2
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Dmitriy Rabotyagov 694ae02910 Disable GSSAPIAuthentication for SSH 
This implements STIG V-204598 [1] and disables
GSSAPIAuthentication that is enabled by default on EL
systems.
This also should speedup deployments on such systems, as
enabled GSSAPIAuthentication requires some time while
initiating connection.

[1] https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/2020-12-08/finding/V-204598

Change-Id: I2d92541ccfc27e91224fd481c3792993428a052e
2023-10-26 09:06:29 +02:00
defaults
Disable GSSAPIAuthentication for SSH
2023-10-26 09:06:29 +02:00
doc
Switch sphinx language to en
2022-05-30 16:01:18 +02:00
examples
Switch hardening to integrated tests
2021-05-21 17:28:39 +03:00
files
changed disable dccp conf for preventing kernel messages
2019-10-21 13:18:03 +02:00
handlers
Fix linters and metadata
2023-07-17 14:25:21 +02:00
library
Remove sebang from get_users
2022-10-04 17:46:24 +02:00
meta
Fix linters and metadata
2023-07-17 14:25:21 +02:00
releasenotes
Update master for stable/zed
2022-12-13 13:03:55 +00:00
tasks
Fix linters and metadata
2023-07-17 14:25:21 +02:00
templates
Remove commandkey from chrony config
2023-05-23 19:00:23 +02:00
test_plugins
Add equalto Jinja2 test for EL7
2017-06-30 09:13:16 -05:00
tests
Use ansible_facts[] instead of fact variables
2021-03-10 16:54:58 +00:00
vars
Disable GSSAPIAuthentication for SSH
2023-10-26 09:06:29 +02:00
zuul.d
Switch hardening to integrated tests
2021-05-21 17:28:39 +03:00
.ansible-lint
Fix linter errors
2021-02-02 16:11:03 +02:00
.gitignore
Updated from OpenStack Ansible Tests
2020-06-04 09:21:15 +02:00
.gitreview
OpenDev Migration Patch
2019-04-19 19:34:44 +00:00
bindep.txt
Updated from OpenStack Ansible Tests
2021-03-12 22:23:17 +00:00
CONTRIBUTING.rst
[ussuri][goal] Update contributor documentation
2020-05-12 23:39:23 +03:00
LICENSE
Initial import of openstack-ansible-security role
2015-10-07 07:27:39 -05:00
manual-test.rc
Use centralised test scripts
2016-09-28 12:16:50 +01:00
README.md
Moving IRC network reference to OFTC
2021-07-08 18:26:27 -05:00
README.rst
update source link in readme
2019-10-05 11:37:36 +08:00
run_tests.sh
Updated from OpenStack Ansible Tests
2022-05-03 16:17:12 +00:00
test-requirements.txt
Enable syncing of docs
2020-06-03 22:04:16 +02:00
tox.ini
Update tox.ini to work with 4.0
2022-12-27 17:53:11 +01:00
Vagrantfile
Updated from OpenStack Ansible Tests
2021-12-17 16:50:16 +00:00

README.md

ansible-hardening

ansible-hardening-logo

The ansible-hardening role applies security hardening configurations from the Security Technical Implementation Guide (STIG) to systems running the following distributions:

  • CentOS 8
  • Debian Buster
  • Ubuntu Bionic
  • Ubuntu Focal

For more details, review the ansible-hardening documentation.

Release notes for the project can be found at: https://docs.openstack.org/releasenotes/ansible-hardening

Requirements

This role can be used with or without OpenStack-Ansible. It requires Ansible 2.3 or later.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - ansible-hardening

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

  • Ubuntu 16.04
  • CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on OFTC.

View Git Blame Copy Permalink
Description
Ansible role for security hardening
Readme 5.6 MiB
Languages
Jinja 51.9%
Python 47.9%
Shell 0.2%