openstack/openstack-ansible-security
Code Issues Proposed changes
307 Commits 3 Branches 85 Tags
f85e9e4b72f6daba8ea1bd0f5931e69bd1c7574a
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Major Hayden f85e9e4b72 Skip SNMPv1/2 (V-38660) checks in gate 
The CI gate job images have SNMPv1/2 configurations applied and
they are in the process of being removed. This patch should get
the openstack-ansible-security gate jobs unblocked by skipping
V-38660 temporarily.

When https://review.openstack.org/#/c/354819/ merges and new
images are deployed, this task won't need to be skipped.

Change-Id: I2bad2ce8bb5ba73356d224ce1093bc4f19fe75b9
2016-08-16 18:22:27 +00:00
defaults
Adjust TCP syncookes variable to bool
2016-08-09 08:29:31 -05:00
doc
Adjust TCP syncookes variable to bool
2016-08-09 08:29:31 -05:00
files
Add ability to enable unattended upgrades
2016-04-15 11:58:29 +01:00
handlers
Restart auditd after running augenrules
2016-06-09 15:14:42 -05:00
meta
Add CentOS 7 and Ubuntu 16.04 support
2016-05-13 14:57:28 -05:00
releasenotes
Adjust TCP syncookes variable to bool
2016-08-09 08:29:31 -05:00
tasks
Adjust TCP syncookes variable to bool
2016-08-09 08:29:31 -05:00
templates
Add audit rules to support ppc64le architecture.
2016-07-25 04:23:01 -05:00
tests
Add check/audit to gate testing
2016-06-07 13:22:12 +00:00
vars
Fix chrony daemon name for rh derivatives
2016-07-19 15:45:48 +01:00
.gitignore
Add support for Xenial and CentOS 7 to the Vagrantfile
2016-06-14 16:18:22 -04:00
.gitreview
Added .gitreview
2015-10-05 17:37:21 +00:00
bindep.txt
Move other-requirements.txt to bindep.txt
2016-08-14 05:18:30 -05:00
LICENSE
Initial import of openstack-ansible-security role
2015-10-07 07:27:39 -05:00
README.md
Add support for Xenial and CentOS 7 to the Vagrantfile
2016-06-14 16:18:22 -04:00
README.rst
Add a note to the README file where to report bugs
2016-05-27 17:06:40 +02:00
run_tests.sh
Add python-apt for check mode
2016-08-11 16:03:08 -05:00
setup.cfg
Initial import of openstack-ansible-security role
2015-10-07 07:27:39 -05:00
setup.py
Updated from global requirements
2016-07-15 11:26:50 +00:00
test-requirements.txt
Updated from global requirements
2016-07-21 13:42:33 +00:00
tox.ini
Skip SNMPv1/2 (V-38660) checks in gate
2016-08-16 18:22:27 +00:00
Vagrantfile
Add support for Xenial and CentOS 7 to the Vagrantfile
2016-06-14 16:18:22 -04:00

README.md

openstack-ansible-security

The goal of the openstack-ansible-security role is to improve security within openstack-ansible deployments. The role is based on the Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.

Requirements

This role can be used with or without the openstack-ansible role. It requires Ansible 1.8.3 at a minimum.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - openstack-ansible-security

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

  • Ubuntu 14.04
  • Ubuntu 16.04
  • CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.

View Git Blame Copy Permalink
Description
RETIRED, Security Role for OpenStack-Ansible
Readme 8.4 MiB