Ansible role for security hardening

Go to file

OpenStack Release Bot bb429a9cdf Update master for stable/stein Add file to the reno documentation build to show release notes for stable/stein. Use pbr instruction to increment the minor version number automatically so that master versions are higher than the versions on stable/stein. Change-Id: I9e46d961625a402109591f20279c823b6728988b Sem-Ver: feature		2019-04-08 09:13:17 +00:00
defaults	Chrony: new NTP server defaults	2019-01-10 09:48:50 +00:00
doc	docs: Write files in binary mode	2018-10-04 00:55:07 +01:00
files	Add support for the openSUSE Leap distributions	2017-06-27 15:43:53 +01:00
handlers	Always quote the filesystem permissions	2017-11-08 10:56:07 -06:00
library	Verify password age limits [+Docs]	2016-12-08 09:44:23 -06:00
meta	SUSE: Add support for openSUSE Leap 15	2018-08-10 09:48:27 +03:00
releasenotes	Update master for stable/stein	2019-04-08 09:13:17 +00:00
tasks	Switch to using import_tasks for static inclusion	2019-01-08 11:54:21 +00:00
templates	Switch to rtcsync for chrony	2019-01-15 09:35:09 -05:00
test_plugins	Add equalto Jinja2 test for EL7	2017-06-30 09:13:16 -05:00
tests	Add retries to package installations	2018-06-16 19:15:12 -04:00
vars	Replace Fedora 26 with 27	2018-03-07 13:30:45 +00:00
zuul.d	debian: drop stable job	2019-04-08 00:41:06 +00:00
.gitignore	Updated from OpenStack Ansible Tests	2018-10-02 14:56:48 +00:00
.gitreview	Fix .gitreview	2017-05-30 18:27:52 +00:00
.zuul.yaml	import zuul job settings from project-config	2018-08-09 03:12:05 +00:00
LICENSE	Initial import of openstack-ansible-security role	2015-10-07 07:27:39 -05:00
README.md	Add release note link in README	2018-06-29 14:38:56 +08:00
README.rst	Add document information to readme	2018-07-13 19:25:02 +08:00
Vagrantfile	Updated from OpenStack Ansible Tests	2018-09-28 06:23:44 +00:00
bindep.txt	Updated from OpenStack Ansible Tests	2017-12-06 00:07:09 +00:00
manual-test.rc	Use centralised test scripts	2016-09-28 12:16:50 +01:00
run_tests.sh	Updated from OpenStack Ansible Tests	2018-09-29 04:57:30 +00:00
setup.cfg	Update the homepage url	2018-05-07 02:19:48 +00:00
setup.py	Updated from global requirements	2017-03-02 11:52:32 +00:00
tox.ini	fix tox python3 overrides	2018-11-06 05:22:32 +00:00

README.md

ansible-hardening

The ansible-hardening role applies security hardening configurations from the Security Technical Implementation Guide (STIG) to systems running the following distributions:

CentOS 7
Debian Jessie
Fedora 27
openSUSE Leap 42.2 and 42.3
Red Hat Enterprise Linux 7
SUSE Linux Enterprise 12 (experimental)
Ubuntu 16.04

For more details, review the ansible-hardening documentation.

Release notes for the project can be found at: https://docs.openstack.org/releasenotes/ansible-hardening

Requirements

This role can be used with or without OpenStack-Ansible. It requires Ansible 2.3 or later.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - ansible-hardening

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

Ubuntu 16.04
CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.