openstack
/
ansible-hardening
Code Issues Proposed changes
ansible-hardening/releasenotes/notes
History
Andy McCrae c05e36f48d Change PermitRootLogin to allow alternate options 
PermitRootLogin can be 'yes', 'no', 'without-password',
'prohibit-password' or 'forced-commands-only'.
This patch changes the functionality to ensure that
security_sshd_permit_root_login is one of the above settings - if so, it
will use that value.

Due to the way Ansible handles "no" and "yes", we have to check if the
value is "False" (string equivalent for boolean no), and if so output
"no", otherwise output the string (which would be one of the above
options).

Previously, we could only set this value to 'no'.

Change-Id: I5ee5ff6abc4578d17d4b23d8a2fa1648508ceeed
(cherry picked from commit f32cb3c081)
 		2017-11-27 10:00:34 +00:00
..
.placeholder Add reno scaffolding for release notes management 2016-04-28 23:15:13 +00:00
add-v38438-3f7e905892be4b4f.yaml Adding V-38438 (auditd during boot) 2016-09-06 13:21:11 +00:00
adding-v38526-381a407caa566b14.yaml Implemented: V-38526. 2016-08-18 08:26:56 -05:00
adding-v38548-9c51b30bf9780ff3.yaml Implemented: V-38548. 2016-08-23 16:07:48 +00:00
aide-exclude-run-4d3c97a2d08eb373.yaml Exclude /run from AIDE checks 2016-08-26 09:17:18 -05:00
aide-initialization-fix-16ab0223747d7719.yaml Ensure AIDE initializes on subsequent runs 2016-08-25 12:56:35 +00:00
allow-custom-epel-release-packages-b409be1aa46ee9c3.yaml Allow epel-release package name customization 2017-07-12 18:14:58 +00:00
auditing-mac-policy-changes-fb83e0260a6431ed.yaml Adding audit rule for SELinux policy modifications 2016-05-27 13:28:02 +00:00
augenrules-restart-39fe3e1e2de3eaba.yaml Restart auditd after running augenrules 2016-06-09 15:14:42 -05:00
chrony-config-variable-7a1a7862c05c9675.yaml Speed up package install/removal 2016-11-03 13:30:56 -05:00
conditionally-install-epel-9e8e1b67e5943019.yaml Conditionally install EPEL if needed 2017-07-12 15:40:33 +00:00
configurable-martian-logging-370ede40b036db0b.yaml Disable martian logging by default 2016-08-31 15:56:05 -05:00
customizable-login-banner-string-d8d5ae874e8e49f3.yaml Make login banner customizable 2017-04-05 08:32:39 -05:00
dictionary-variables-removed-957c7b7b2108ba1f.yaml Switch from dict to individual variables 2016-05-05 08:32:38 -05:00
disable-failed-access-audit-logging-789dc01c8bcbef17.yaml Switch from dict to individual variables 2016-05-05 08:32:38 -05:00
disable-graphical-interface-5db89cd1bef7e12d.yaml Setting default runlevel/target to non-graphical 2016-05-31 10:39:02 -05:00
disable-netconsole-service-915bb33449b4012c.yaml Disable the netconsole service (if present) 2016-05-20 15:41:13 -05:00
disable-rpm-perms-fix-by-default-b164e39717f0ada7.yaml Disable file perm/ownership reset 2017-03-04 15:27:45 +00:00
disabling-rdisc-centos-75115b3509941bfa.yaml Disable the rdisc service (if present) 2016-05-23 07:50:02 -05:00
enable-lsm-bae903e463079a3f.yaml Enable LSM instead of checking status 2016-05-26 09:16:42 -05:00
enable-tcp-syncookes-boolean-4a884a66a3a0e4d7.yaml Adjust TCP syncookes variable to bool 2016-08-09 08:29:31 -05:00
fedora-26-support-70a304f9c97d1b37.yaml Add release note for F26 support 2017-09-07 21:22:58 +00:00
fix-audit-log-permission-bug-81a772e2e6d0a5b3.yaml Fix auditd log permission bug 2016-05-23 16:02:36 -05:00
fix-check-mode-with-tags-bf798856a27c53eb.yaml Set check_mode variable every time 2016-06-07 13:05:49 -05:00
handling-sshd-match-stanzas-fa40b97689004e46.yaml Handle Match properly in sshd_config 2016-05-09 16:07:47 -05:00
implemented-v38524-b357edec95128307.yaml Add release note for V-38524 implementation 2016-06-09 13:02:49 +00:00
improved-audit-rule-keys-9fa85f758386446c.yaml Add key fields to audit rules 2016-06-09 13:42:21 -05:00
ntp-bind-local-interfaces-only-05f03de632e81097.yaml Add new parameter 'security_ntp_bind_local_interfaces_only' 2016-05-27 11:08:17 +00:00
package-state-6684c5634bdf127a.yaml Add ability to change apt/yum package state 2016-08-02 16:01:01 +01:00
package-state-present-951161faa5384abd.yaml Change package state to 'present' 2016-11-14 14:17:58 -06:00
password-lifetime-opt-in-c380f0ec81daffd0.yaml Add release note for password lifetime patches 2017-06-13 06:33:04 +00:00
permitrootlogin_options-a62e33ccc4a69657.yaml Change PermitRootLogin to allow alternate options 2017-11-27 10:00:34 +00:00
reduce-auditd-logging-633677a74aee5481.yaml Disable DAC change auditing 2016-09-07 07:38:11 -05:00
rhel-gpg-check-0b483a824314d1b3.yaml Add initial support for Red Hat Enterprise Linux 7 2016-06-09 09:02:50 -05:00
rhel7-stig-default-f6c7c97498a8b2e7.yaml Enable RHEL 7 STIG tasks as default [+Docs] 2017-01-13 19:06:07 +00:00
search-for-unlabeled-devices-cb047c5f767e93ce.yaml Search for unlabeled device files 2016-06-01 20:08:30 +00:00
shosts-file-search-opt-in-887f600a79eef07e.yaml Make .shosts search/removal opt in 2017-03-07 12:14:15 -06:00
skip-sysctl-when-disabled-b32eca48df5b1437.yaml Skip sysctl configs when enabled: no 2017-08-22 13:53:39 +00:00
sshd-permit-root-login-without-password-948ec79c6508c19b.yaml Change default prohibit root sshd password auth 2017-08-16 14:05:18 +00:00
stig-rhel7-version-1-renumbering-fiesta-aa047fea3ea35e74.yaml Handle RHEL 7 STIG renumbering 2017-04-04 07:22:12 -05:00
support-for-centos-xenial-2b89c318cc3df4b0.yaml Add CentOS 7 and Ubuntu 16.04 support 2016-05-13 14:57:28 -05:00
unique-variable-migration-c0639030b495438f.yaml Migrate to unique variable names 2016-05-09 16:18:48 -05:00
world-writable-file-search-optional-7420269230a0e22f.yaml Optionally search for world-writable files 2017-11-10 13:11:37 +00:00