All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: Id3136a5eed068e317aa1a7b33a1149629dc76d77
Now that infra is moving from Fedora 26 to 27, we need to update
the role to reflect the changing support for Fedora releases.
Change-Id: Icce8fd7ee2f8c54e6eb33beec7af96c4d1d375d6
Signed-off-by: Major Hayden <major@mhtx.net>
This patch begins the teardown of the RHEL 6 STIG content from the
ansible-hardening repository. It will still be maintained in
Pike and earlier branches.
This patch also updates the ansible-hardening documentation for the
Queens release and notes that Pike is the latest stable version.
Closes-Bug: 1715745
Change-Id: Iaae52c97a35d82dd807ef78a1a6593ce3aa33540
This patch corrects the list of suppored OS versions and puts
them in alphabetical order. It also updates the list of platforms
in meta/main.yml.
Change-Id: I6ba6713997c08a21c39e533047849878e710c485
Add support for the openSUSE Leap distributions. The security rules
are similar to the RedHat and Ubuntu ones. We also replace
ansible_os_family with ansible_pkg_mgr since the former does not
return consistent results across different SUSE distributions especially
on older Ansible versions.
Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
This patch adds a logo for ansible-hardening and adds the newly
supported operating systems to the documentation.
Change-Id: I568cac1ff5f07283533f09a662be53ca0c20c602
This patch cleans up various parts of the security role docs:
* Updates README files
* Uses jinja2 includes rather than sphinx includes (faster builds)
* Adds sphinx refs for each STIG control and implementation status
* Adds ToC's to pages that didn't have them
* Updated getting started and special notes guide
* Makes deviations more clear
Change-Id: I1eed2705c64a857bd94577dbe735f2516ca87732
This commit adds an initial Vagrant setup that will run the
security ansible tests in check mode against a clean Ubuntu
Trusty 64 image.
Change-Id: If5499dd111c66b9888d3fbc0772c568ef08954f5
Co-Authored-By: Rob Clark <robert.clark@hpe.com>
Co-Authored-By: Eric Brown <browne@vmware.com>
Prior to Ansible 1.8.3, the sysctl module had a bug where improperly
tries to use lower() on an int value.
http://paste.openstack.org/show/483785/
Change-Id: I8866fce3c20dbf91f6c79dcda2e34ecf6ae5084c
This patch adds the bits needed to implement automated syntax/lint
role testing. It also moves the role into the base repository so
that the role becomes fully compatible with ansible-galaxy to
improve the role's consumability.
Change-Id: Ia79cd5dedbbe50dfdf46688830a989ff0897832a