Ansible role for security hardening
Go to file
Major Hayden 9a9b31f629
Remove old /etc/profile config block
When the openstack-ansible-security role became ansible-hardening,
a new config block was added to `/etc/profile` without removing
the original one with the openstack-ansible-security markers. This
causes errors on the command prompt since `TMOUT` is defined twice.

This patch removes the old config block using blockinfile.

Closes-Bug: 1736702
Change-Id: I2768182f5dde3368028a1a25af69db6ac7a75d9b
(cherry picked from commit c8a59a1c9a)
2017-12-15 16:11:13 -06:00
defaults Change default prohibit root sshd password auth 2017-08-18 15:20:35 +00:00
doc Change default prohibit root sshd password auth 2017-08-18 15:20:35 +00:00
files [Docs] Replace security role references 2017-06-15 13:10:50 +00:00
handlers Do not update grub if grub not used 2017-05-10 14:54:40 +00:00
library Verify password age limits [+Docs] 2016-12-08 09:44:23 -06:00
meta Add CentOS 7 and Ubuntu 16.04 support 2016-05-13 14:57:28 -05:00
releasenotes Skip sysctl configs when enabled: no 2017-08-23 20:30:21 +00:00
tasks Remove old /etc/profile config block 2017-12-15 16:11:13 -06:00
templates Fix logic error 2017-11-13 14:27:13 -08:00
test_plugins Add equalto Jinja2 test for EL7 2017-07-12 17:09:17 +00:00
tests Used cached git sources and enable depends-on 2017-11-06 18:52:25 +00:00
vars Configure pam_faildelay on Ubuntu 2017-09-05 11:55:29 -05:00
zuul.d Used cached git sources and enable depends-on 2017-11-06 18:52:25 +00:00
.gitignore Updated from OpenStack Ansible Tests 2017-08-25 11:28:34 +00:00
.gitreview Fix .gitreview for older branches 2017-05-31 13:05:19 +00:00
LICENSE Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
README.md [Docs] Replace security role references 2017-06-15 13:10:50 +00:00
README.rst [Docs] Replace security role references 2017-06-15 13:10:50 +00:00
Vagrantfile Updated from OpenStack Ansible Tests 2017-08-25 11:28:34 +00:00
bindep.txt Updated from OpenStack Ansible Tests 2017-08-25 11:28:34 +00:00
manual-test.rc Use centralised test scripts 2016-09-28 12:16:50 +01:00
run_tests.sh Used cached git sources and enable depends-on 2017-11-06 18:52:25 +00:00
setup.cfg [Docs] Replace security role references 2017-06-15 13:10:50 +00:00
setup.py Updated from global requirements 2016-07-15 11:26:50 +00:00
test-requirements.txt Updated from global requirements 2017-01-12 09:42:41 +00:00
tox.ini Used cached git sources and enable depends-on 2017-11-06 18:52:25 +00:00

README.md

ansible-hardening

The ansible-hardening role applies security hardening configurations from the Security Technical Implementation Guide(STIG) to systems running the following distributions:

  • CentOS 7
  • Debian Jessie (experimental)
  • Ubuntu 14.04 (deprecated)
  • Ubuntu 16.04
  • Red Hat Enterprise Linux 7

For more details, review the ansible-hardening documentation.

Requirements

This role can be used with or without the OpenStack-Ansible role. It requires Ansible 1.9.1 or later.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - ansible-hardening

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

  • Ubuntu 14.04
  • Ubuntu 16.04
  • CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.