openstack
/
openstack-ansible-security
Code Issues Proposed changes
RETIRED, Security Role for OpenStack-Ansible
245 Commits 3 Branches 85 Tags 8.2 MiB
Go to file
Major Hayden 809b6cb52d Restart auditd after running augenrules 
The augenrules command joins together all of the audit rules from
rules.d and it is run any time the audit rules template changes. However,
the augenrules handler didn't actually restart auditd to apply the
changes to the system.

This patch fires off the auditd restart handler anytime the augenrules
handler is notified.

Closes-bug: 1590916

Change-Id: Ice83fe17ebb0e9edff9da897e435ae96c1778580
 		2016-06-09 15:14:42 -05:00
defaults Merge "Setting default runlevel/target to non-graphical" 2016-06-03 01:01:01 +00:00
doc Merge "Setting default runlevel/target to non-graphical" 2016-06-03 01:01:01 +00:00
files Add ability to enable unattended upgrades 2016-04-15 11:58:29 +01:00
handlers Restart auditd after running augenrules 2016-06-09 15:14:42 -05:00
meta Add CentOS 7 and Ubuntu 16.04 support 2016-05-13 14:57:28 -05:00
releasenotes Restart auditd after running augenrules 2016-06-09 15:14:42 -05:00
tasks Merge "Setting default runlevel/target to non-graphical" 2016-06-03 01:01:01 +00:00
templates Add /etc/apparmor.d/ for auditing 2016-05-31 18:30:57 +00:00
tests Add CentOS 7 and Ubuntu 16.04 support 2016-05-13 14:57:28 -05:00
vars Ensure V-38574 works reliably on CentOS 2016-05-31 15:39:56 +00:00
.gitignore Add .swp files to .gitignore 2016-05-04 08:56:41 -05:00
.gitreview Added .gitreview 2015-10-05 17:37:21 +00:00
LICENSE Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
README.md Merge "Adding Vagrant setup for deploying security-ansible" 2016-02-05 16:12:33 +00:00
README.rst Add a note to the README file where to report bugs 2016-05-27 17:06:40 +02:00
Vagrantfile Adding Vagrant setup for deploying security-ansible 2016-01-25 08:04:26 -08:00
other-requirements.txt Add CentOS 7 and Ubuntu 16.04 support 2016-05-13 14:57:28 -05:00
run_tests.sh Add dependencies for paramiko 2.0 2016-05-03 08:58:41 +01:00
setup.cfg Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
setup.py Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
test-requirements.txt Add reno scaffolding for release notes management 2016-04-28 23:15:13 +00:00
tox.ini Ensure V-38574 works reliably on CentOS 2016-05-31 15:39:56 +00:00

README.md

openstack-ansible-security

The goal of the openstack-ansible-security role is to improve security within openstack-ansible deployments. The role is based on the Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.

Requirements

This role can be used with or without the openstack-ansible role. It requires Ansible 1.8.3 at a minimum.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - openstack-ansible-security

Running with Vagrant

Security Ansible can be easily run for testing using Vagrant.

To do so run: vagrant destroy To destroy any previously created Vagrant setup vagrant up Spin up Ubuntu Trusty VM and run ansible-security against it

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.