openstack
/
ansible-hardening
Code Issues Proposed changes
Ansible role for security hardening
965 Commits 9 Branches 140 Tags 5.3 MiB
Jinja 44.5%
Python 41.2%
Shell 14.3%
Go to file
Jeff Albert 8db1a33cbf Splits STIG yum add/removes 
In order to prevent RPM database corruption on the target hosts, this
change splits the STIG yum add/remove tasks into two separate plays.

Change-Id: I68751339d5b4cbfb61b8e3cf4ffbfeb47ea5fd76
Closes-Bug: #1851954
 		2019-11-09 11:35:42 -08:00
defaults Chrony: new NTP server defaults 2019-01-10 09:48:50 +00:00
doc PDF Documentation Build tox target 2019-10-17 17:37:23 +00:00
files changed disable dccp conf for preventing kernel messages 2019-10-21 13:18:03 +02:00
handlers Always quote the filesystem permissions 2017-11-08 10:56:07 -06:00
library Verify password age limits [+Docs] 2016-12-08 09:44:23 -06:00
meta SUSE: Add support for openSUSE Leap 15 2018-08-10 09:48:27 +03:00
releasenotes Update master for stable/train 2019-10-22 18:51:18 +00:00
tasks Splits STIG yum add/removes 2019-11-09 11:35:42 -08:00
templates Switch to rtcsync for chrony 2019-01-15 09:35:09 -05:00
test_plugins Add equalto Jinja2 test for EL7 2017-06-30 09:13:16 -05:00
tests Add retries to package installations 2018-06-16 19:15:12 -04:00
vars Replace Fedora 26 with 27 2018-03-07 13:30:45 +00:00
zuul.d debian: drop stable job 2019-04-08 00:41:06 +00:00
.gitignore Updated from OpenStack Ansible Tests 2018-10-02 14:56:48 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:34:44 +00:00
.zuul.yaml import zuul job settings from project-config 2018-08-09 03:12:05 +00:00
LICENSE Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
README.md Add release note link in README 2018-06-29 14:38:56 +08:00
README.rst update source link in readme 2019-10-05 11:37:36 +08:00
Vagrantfile Updated from OpenStack Ansible Tests 2019-07-18 22:21:19 +00:00
bindep.txt Updated from OpenStack Ansible Tests 2019-05-09 11:36:17 +00:00
manual-test.rc Use centralised test scripts 2016-09-28 12:16:50 +01:00
run_tests.sh Updated from OpenStack Ansible Tests 2019-07-18 22:21:19 +00:00
setup.cfg Change openstack-dev to openstack-discuss 2018-12-05 23:31:42 +08:00
setup.py Updated from global requirements 2017-03-02 11:52:32 +00:00
tox.ini PDF Documentation Build tox target 2019-10-17 17:37:23 +00:00

README.md

ansible-hardening

ansible-hardening-logo

The ansible-hardening role applies security hardening configurations from the Security Technical Implementation Guide (STIG) to systems running the following distributions:

  • CentOS 7
  • Debian Jessie
  • Fedora 27
  • openSUSE Leap 42.2 and 42.3
  • Red Hat Enterprise Linux 7
  • SUSE Linux Enterprise 12 (experimental)
  • Ubuntu 16.04

For more details, review the ansible-hardening documentation.

Release notes for the project can be found at: https://docs.openstack.org/releasenotes/ansible-hardening

Requirements

This role can be used with or without OpenStack-Ansible. It requires Ansible 2.3 or later.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - ansible-hardening

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

  • Ubuntu 16.04
  • CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.