Ansible role for security hardening

Go to file

Jonathan Rosser 480dd9d866 Remove references to unsupported operating systems All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed. Conditional tasks, ternary operators and variables are simplified where possible OS specific variables files are generalised where possible Change-Id: Id3136a5eed068e317aa1a7b33a1149629dc76d77		2021-06-11 14:14:20 +00:00
defaults	Remove references to unsupported operating systems	2021-06-11 14:14:20 +00:00
doc	Make possible to avoid aide installation	2021-02-02 14:12:10 +00:00
examples	Switch hardening to integrated tests	2021-05-21 17:28:39 +03:00
files	changed disable dccp conf for preventing kernel messages	2019-10-21 13:18:03 +02:00
handlers	Always quote the filesystem permissions	2017-11-08 10:56:07 -06:00
library	Fix linter errors	2021-02-02 16:11:03 +02:00
meta	Remove references to unsupported operating systems	2021-06-11 14:14:20 +00:00
releasenotes	Make possible to avoid aide installation	2021-02-02 14:12:10 +00:00
tasks	Remove references to unsupported operating systems	2021-06-11 14:14:20 +00:00
templates	Use ansible_facts[] instead of fact variables	2021-03-10 16:54:58 +00:00
test_plugins	Add equalto Jinja2 test for EL7	2017-06-30 09:13:16 -05:00
tests	Use ansible_facts[] instead of fact variables	2021-03-10 16:54:58 +00:00
vars	Remove references to unsupported operating systems	2021-06-11 14:14:20 +00:00
zuul.d	Switch hardening to integrated tests	2021-05-21 17:28:39 +03:00
.ansible-lint	Fix linter errors	2021-02-02 16:11:03 +02:00
.gitignore	Updated from OpenStack Ansible Tests	2020-06-04 09:21:15 +02:00
.gitreview	OpenDev Migration Patch	2019-04-19 19:34:44 +00:00
CONTRIBUTING.rst	[ussuri][goal] Update contributor documentation	2020-05-12 23:39:23 +03:00
LICENSE	Initial import of openstack-ansible-security role	2015-10-07 07:27:39 -05:00
README.md	Remove references to unsupported operating systems	2021-06-11 14:14:20 +00:00
README.rst	update source link in readme	2019-10-05 11:37:36 +08:00
Vagrantfile	Updated from OpenStack Ansible Tests	2021-03-22 08:53:32 +00:00
bindep.txt	Updated from OpenStack Ansible Tests	2021-03-12 22:23:17 +00:00
manual-test.rc	Use centralised test scripts	2016-09-28 12:16:50 +01:00
run_tests.sh	Updated from OpenStack Ansible Tests	2021-03-12 22:23:17 +00:00
setup.cfg	Cleanup py27 support	2020-04-25 15:07:26 +02:00
setup.py	Cleanup py27 support	2020-04-25 15:07:26 +02:00
test-requirements.txt	Enable syncing of docs	2020-06-03 22:04:16 +02:00
tox.ini	Enable syncing of docs	2020-06-03 22:04:16 +02:00

README.md

ansible-hardening

The ansible-hardening role applies security hardening configurations from the Security Technical Implementation Guide (STIG) to systems running the following distributions:

CentOS 8
Debian Buster
Ubuntu Bionic
Ubuntu Focal

For more details, review the ansible-hardening documentation.

Release notes for the project can be found at: https://docs.openstack.org/releasenotes/ansible-hardening

Requirements

This role can be used with or without OpenStack-Ansible. It requires Ansible 2.3 or later.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - ansible-hardening

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

Ubuntu 16.04
CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.