Fixing testing bug
Change-Id: I98954dcb26ff28c94f97e0d4a85a8bee7bc27b30
parent
141c1dcf24
commit
97f9891166
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: OpenStack
|
author: OpenStack
|
||||||
description: Security hardening role for OpenStack Ansible
|
description: Security hardening role for OpenStack-Ansible
|
||||||
company: OpenStack
|
company: OpenStack
|
||||||
license: Apache
|
license: Apache
|
||||||
min_ansible_version: 1.8
|
min_ansible_version: 1.8
|
||||||
|
@ -21,10 +21,19 @@
|
|||||||
- cat2
|
- cat2
|
||||||
- V-38489
|
- V-38489
|
||||||
|
|
||||||
|
- name: Verify that AIDE configuration directory exists
|
||||||
|
stat:
|
||||||
|
path: /etc/aide/aide.conf.d
|
||||||
|
register: aide_conf
|
||||||
|
always_run: true
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- name: V-38489 - Exclude certain directories from AIDE and initialize DB
|
- name: V-38489 - Exclude certain directories from AIDE and initialize DB
|
||||||
template:
|
template:
|
||||||
src: ZZ_aide_exclusions.j2
|
src: ZZ_aide_exclusions.j2
|
||||||
dest: /etc/aide/aide.conf.d/ZZ_aide_exclusions
|
dest: /etc/aide/aide.conf.d/ZZ_aide_exclusions
|
||||||
|
when: aide_conf.stat.exists | bool
|
||||||
notify:
|
notify:
|
||||||
- initialize AIDE
|
- initialize AIDE
|
||||||
tags:
|
tags:
|
||||||
@ -43,7 +52,9 @@
|
|||||||
- name: V-38670 - System must detect unauthorized changes to software and information
|
- name: V-38670 - System must detect unauthorized changes to software and information
|
||||||
fail:
|
fail:
|
||||||
msg: "FAILED: AIDE cron job is missing"
|
msg: "FAILED: AIDE cron job is missing"
|
||||||
when: v38670_result.stat.exists == False
|
when:
|
||||||
|
- not check_mode
|
||||||
|
- v38670_result.stat.exists == False
|
||||||
tags:
|
tags:
|
||||||
- cat2
|
- cat2
|
||||||
- V-38670
|
- V-38670
|
||||||
@ -125,7 +136,9 @@
|
|||||||
- name: V-38624 - System logs must be rotated daily (verify cron job)
|
- name: V-38624 - System logs must be rotated daily (verify cron job)
|
||||||
fail:
|
fail:
|
||||||
msg: "FAILED: Cron job for logrotate is missing"
|
msg: "FAILED: Cron job for logrotate is missing"
|
||||||
when: v38624_result.stat.exists == False
|
when:
|
||||||
|
- not check_mode
|
||||||
|
- v38624_result.stat.exists == False
|
||||||
tags:
|
tags:
|
||||||
- cat3
|
- cat3
|
||||||
- V-38624
|
- V-38624
|
||||||
@ -178,7 +191,10 @@
|
|||||||
- name: V-38660 - The snmpd service must only use SNMPv3 or newer
|
- name: V-38660 - The snmpd service must only use SNMPv3 or newer
|
||||||
fail:
|
fail:
|
||||||
msg: "FAILED: Insecure SNMP configuration found -- use SNMPv3 only"
|
msg: "FAILED: Insecure SNMP configuration found -- use SNMPv3 only"
|
||||||
when: v38660_snmpd_installed.rc == 0 and v38660_result.rc == 0
|
when:
|
||||||
|
- not check_mode
|
||||||
|
- v38660_snmpd_installed.rc == 0
|
||||||
|
- v38660_result.rc == 0
|
||||||
tags:
|
tags:
|
||||||
- cat2
|
- cat2
|
||||||
- V-38660
|
- V-38660
|
||||||
|
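Review bot: The `not check_mode` condition added to the V-38670 `fail` task, and the same guard on V-38624 and V-38660, turns all three compliance failures into silent skips whenever `check_mode` is true. A dry run, which is the mode most likely to be used for auditing, then reports a clean host even when the AIDE cron job or the logrotate cron job is missing or an insecure SNMP configuration is present. `check_mode` is also not defined in any visible hunk; if the role sets no default elsewhere, the condition aborts on an undefined variable, so `- not (check_mode | default(false))` would be safer. Consider emitting a `debug` message with the same text in check mode instead of skipping, so the finding stays visible.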
@ -1,2 +1,3 @@
|
|||||||
[defaults]
|
[defaults]
|
||||||
roles_path = ../..
|
roles_path = ../../
|
||||||
|
remote_tmp = ../.ansible/tmp/
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
[all]
|
[all]
|
||||||
localhost ansible_connection=local
|
localhost ansible_connection=local physical_host=localhost ansible_become=True
|
||||||
|
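Review bot: Adding `ansible_become=True` to the `localhost ansible_connection=local` entry means the test play escalates privileges (to root by default) on the machine that launches the tests, and nothing in the inventory says so. If the play applies the hardening role, which is not visible here, running the tests on a workstation would change that host's system configuration. A comment above the host line, such as `# CI only: escalates to root on the local machine; run on a disposable node`, would make that explicit.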