Add more test coverage

This commit cleans up the testing variables and enables more tasks in
the CI jobs.

Change-Id: Ia937928e46b8ffefc54b499b8d8383ad4d81d907
This commit is contained in:
Major Hayden 2017-05-24 09:48:01 -05:00
parent d7600f1a12
commit 40c744c86d
2 changed files with 14 additions and 18 deletions

View File

@ -373,13 +373,6 @@ security_unattended_upgrades_notifications: false
# | _ <| _ | |___| |___ / / ___) || | | | |_| |
# |_| \_\_| |_|_____|_____| /_/ |____/ |_| |___\____|
#
# UNDER ACTIVE DEVELOPMENT
#
# The default configurations after this marker apply to the RHEL 7 STIG
# content in the openstack-ansible-security role. This content is still under
# active development and will not be applied to systems by default until
# the development work is complete.
#
###############################################################################
## AIDE (aide)

View File

@ -77,23 +77,26 @@
roles:
- role: "openstack-ansible-security"
vars:
security_disable_account_if_password_expires: yes
security_enable_firewalld: yes
security_pwquality_apply_rules: yes
security_enable_pwquality_password_set: yes
security_lock_session: yes
security_pwquality_require_minimum_password_length: yes
security_package_clean_on_remove: yes
security_pam_faillock_enable: yes
security_password_remember_password: 5
security_reset_perm_ownership: yes
security_require_grub_authentication: yes
security_rhel7_automatic_package_updates: yes
security_rhel7_initialize_aide: yes
security_rhel7_remove_shosts_files: yes
security_search_for_invalid_owner: yes
security_search_for_invalid_group_owner: yes
security_unattended_upgrades_enabled: yes
security_unattended_upgrades_notifications: yes
security_rhel7_automatic_package_updates: yes
# NOTE(mhayden): clamav is only available if EPEL is installed. There needs
# to be some work done to figure out how to install EPEL for use with
# this role without causing disruptions on the system.
security_enable_virus_scanner: no
security_run_virus_scanner_update: no
security_search_for_invalid_owner: yes
security_search_for_invalid_group_owner: yes
security_enable_firewalld: yes
security_password_remember_password: 5
security_disable_account_if_password_expires: yes
security_rhel7_initialize_aide: yes
security_require_grub_authentication: yes
security_set_home_directory_permissions_and_owners_recursively: no
security_reset_perm_ownership: yes
security_rhel7_remove_shosts_files: yes