openstack
/
openstack-ansible-security
Code Issues Proposed changes
RETIRED, Security Role for OpenStack-Ansible
224 Commits 3 Branches 85 Tags 8.2 MiB
Go to file
Major Hayden ca9b7decdf Disable DAC change auditing 
This patch disables all of the discretionary access control (DAC)
auditing in auditd. This should reduce the volume of logs created
during deployments and during OpenStack CI jobs.

The patch also corrects an incorrect key in the audit logs for
V-38568.

Manual backport of I193f739647cfb7d0ce395984b51867bf6bd46cd8.

Closes-Bug: 1620849
Change-Id: I77b1322874ca3c55cc8d52476bb1eda5d86de2dc
 		2016-09-07 15:36:45 +00:00
defaults Disable DAC change auditing 2016-09-07 15:36:45 +00:00
doc Disable DAC change auditing 2016-09-07 15:36:45 +00:00
files V-38682: Disable bluetooth modules 2015-10-14 21:23:11 -05:00
handlers Ensure AIDE initializes on subsequent runs 2016-08-29 11:11:09 -05:00
meta Bump minimum required version of Ansible 2016-01-13 12:41:02 -08:00
releasenotes Disable DAC change auditing 2016-09-07 15:36:45 +00:00
tasks Disable martian logging by default 2016-09-06 10:24:58 -05:00
templates Disable DAC change auditing 2016-09-07 15:36:45 +00:00
tests Add check/audit to gate testing 2016-06-13 13:37:04 +00:00
vars Enable role testing and make structure ansible-galaxy compatible 2015-10-09 11:47:23 +00:00
.gitignore Add .swp files to .gitignore 2016-05-04 14:13:33 +00:00
.gitreview Update .gitreview for stable/mitaka 2016-04-02 14:46:00 -04:00
LICENSE Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
README.md Merge "Adding Vagrant setup for deploying security-ansible" 2016-02-05 16:12:33 +00:00
README.rst Add a note to the README file where to report bugs 2016-06-22 19:38:02 +00:00
Vagrantfile Adding Vagrant setup for deploying security-ansible 2016-01-25 08:04:26 -08:00
other-requirements.txt Add dependencies for paramiko 2.0 2016-05-03 21:00:42 +00:00
run_tests.sh Add dependencies for paramiko 2.0 2016-05-03 21:00:42 +00:00
setup.cfg Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
setup.py Initial import of openstack-ansible-security role 2015-10-07 07:27:39 -05:00
test-requirements.txt Update tox configuration 2016-07-08 17:14:04 +01:00
tox.ini Update tox configuration 2016-07-08 17:14:04 +01:00

README.md

openstack-ansible-security

The goal of the openstack-ansible-security role is to improve security within openstack-ansible deployments. The role is based on the Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.

Requirements

This role can be used with or without the openstack-ansible role. It requires Ansible 1.8.3 at a minimum.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - openstack-ansible-security

Running with Vagrant

Security Ansible can be easily run for testing using Vagrant.

To do so run: vagrant destroy To destroy any previously created Vagrant setup vagrant up Spin up Ubuntu Trusty VM and run ansible-security against it

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.