openstack/openstack-ansible-security
Code Issues Proposed changes
217 Commits 3 Branches 85 Tags
373a03ebf8fd326a8263dd2f9f36ddc2d19bd231
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Major Hayden 373a03ebf8 Fix duplicated config options in auditd.conf 
The regular expressions for max_log_file and space_left
were not specific enough and the options were repeated in the
auditd.conf over multiple runs of the security role. This patch
makes those regular expressions more specific.

A manual backport was required due to some variable namespacing
work done in master.

Closes-bug: 1604958
Change-Id: I56925d6b983d156543ba853b3dca846fb460949e
2016-07-21 11:13:36 -05:00
defaults
Allow AppArmor to be enabled
2016-06-13 08:36:31 -05:00
doc
Docs: Fix rendering of :orphan:
2016-06-27 20:42:41 +00:00
files
V-38682: Disable bluetooth modules
2015-10-14 21:23:11 -05:00
handlers
Restart auditd after running augenrules
2016-06-10 12:54:52 +00:00
meta
Bump minimum required version of Ansible
2016-01-13 12:41:02 -08:00
releasenotes
Merge "Restart auditd after running augenrules" into stable/mitaka
2016-06-14 14:12:58 +00:00
tasks
Fix duplicated config options in auditd.conf
2016-07-21 11:13:36 -05:00
templates
Add key fields to audit rules
2016-06-13 18:52:58 +00:00
tests
Add check/audit to gate testing
2016-06-13 13:37:04 +00:00
vars
Enable role testing and make structure ansible-galaxy compatible
2015-10-09 11:47:23 +00:00
.gitignore
Add .swp files to .gitignore
2016-05-04 14:13:33 +00:00
.gitreview
Update .gitreview for stable/mitaka
2016-04-02 14:46:00 -04:00
LICENSE
Initial import of openstack-ansible-security role
2015-10-07 07:27:39 -05:00
other-requirements.txt
Add dependencies for paramiko 2.0
2016-05-03 21:00:42 +00:00
README.md
Merge "Adding Vagrant setup for deploying security-ansible"
2016-02-05 16:12:33 +00:00
README.rst
Add a note to the README file where to report bugs
2016-06-22 19:38:02 +00:00
run_tests.sh
Add dependencies for paramiko 2.0
2016-05-03 21:00:42 +00:00
setup.cfg
Initial import of openstack-ansible-security role
2015-10-07 07:27:39 -05:00
setup.py
Initial import of openstack-ansible-security role
2015-10-07 07:27:39 -05:00
test-requirements.txt
Update tox configuration
2016-07-08 17:14:04 +01:00
tox.ini
Update tox configuration
2016-07-08 17:14:04 +01:00
Vagrantfile
Adding Vagrant setup for deploying security-ansible
2016-01-25 08:04:26 -08:00

README.md

openstack-ansible-security

The goal of the openstack-ansible-security role is to improve security within openstack-ansible deployments. The role is based on the Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.

Requirements

This role can be used with or without the openstack-ansible role. It requires Ansible 1.8.3 at a minimum.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - openstack-ansible-security

Running with Vagrant

Security Ansible can be easily run for testing using Vagrant.

To do so run: vagrant destroy To destroy any previously created Vagrant setup vagrant up Spin up Ubuntu Trusty VM and run ansible-security against it

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.

View Git Blame Copy Permalink
Description
RETIRED, Security Role for OpenStack-Ansible
Readme 8.4 MiB