openstack
/
ansible-hardening
Code Issues Proposed changes
Ansible role for security hardening
826 Commits 8 Branches 139 Tags 5.3 MiB
Jinja 44.5%
Python 41.2%
Shell 14.3%
Go to file
Major Hayden 2d407a5399
Add scaffolding for contrib tasks 
This patch adds the basic scaffolding for developer-contributed
hardening standards that are outside the scope of the Security
Technical Implementation Guide (STIG). Deployers have the option
to deploy these hardening standards as well.

Change-Id: I33175ffd36a75d27e5ac6c13aaf1584e5fdf23dd
 		2017-11-08 07:28:47 -06:00
defaults Add scaffolding for contrib tasks 2017-11-08 07:28:47 -06:00
doc Add scaffolding for contrib tasks 2017-11-08 07:28:47 -06:00
files Add support for the openSUSE Leap distributions 2017-06-27 15:43:53 +01:00
handlers Do not update grub if grub not used 2017-04-13 12:34:22 +00:00
library Verify password age limits [+Docs] 2016-12-08 09:44:23 -06:00
meta Add role maturity metadata to ansible-hardening 2017-11-03 13:50:50 +00:00
releasenotes Update to RHEL 7 STIG V1R3 2017-11-01 13:31:34 -05:00
tasks Add scaffolding for contrib tasks 2017-11-08 07:28:47 -06:00
templates Merge "Fix logic error" 2017-10-20 16:12:24 +00:00
test_plugins Add equalto Jinja2 test for EL7 2017-06-30 09:13:16 -05:00
tests Add scaffolding for contrib tasks 2017-11-08 07:28:47 -06:00
vars Add scaffolding for contrib tasks 2017-11-08 07:28:47 -06:00
zuul.d Remove Zuulv3 queue and add linters test 2017-10-23 14:49:23 -05:00
.gitignore Sync test files with the openstack-ansible-tests repository 2017-06-27 13:25:35 +01:00
.gitreview Fix .gitreview 2017-05-30 18:27:52 +00:00
LICENSE Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
README.md Queens doc updates + removal of RHEL 6 STIG 2017-09-12 08:19:54 -06:00
README.rst [Docs] Replace security role references 2017-06-12 18:59:28 +00:00
Vagrantfile Manually check apparmor_status 2017-08-16 09:02:42 -05:00
bindep.txt Updated from OpenStack Ansible Tests 2017-09-12 23:56:13 +00:00
manual-test.rc Use centralised test scripts 2016-09-28 12:16:50 +01:00
run_tests.sh Updated from OpenStack Ansible Tests 2017-10-24 14:26:47 +00:00
setup.cfg [Docs] Replace security role references 2017-06-12 18:59:28 +00:00
setup.py Updated from global requirements 2017-03-02 11:52:32 +00:00
test-requirements.txt Updated from global requirements 2017-09-16 23:09:59 +00:00
tox.ini Queens doc updates + removal of RHEL 6 STIG 2017-09-12 08:19:54 -06:00

README.md

ansible-hardening

ansible-hardening-logo

The ansible-hardening role applies security hardening configurations from the Security Technical Implementation Guide (STIG) to systems running the following distributions:

  • CentOS 7
  • Debian Jessie
  • Fedora 26
  • openSUSE Leap 42.2 and 42.3
  • Red Hat Enterprise Linux 7
  • SUSE Linux Enterprise 12 (experimental)
  • Ubuntu 16.04

For more details, review the ansible-hardening documentation.

Requirements

This role can be used with or without OpenStack-Ansible. It requires Ansible 2.3 or later.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - ansible-hardening

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

  • Ubuntu 16.04
  • CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.