openstack/ansible-hardening
Code Issues Proposed changes

Fixing testing bug

Browse Source 
Change-Id: I98954dcb26ff28c94f97e0d4a85a8bee7bc27b30
This commit is contained in:
Major Hayden 2015-12-07 15:18:29 -06:00
parent 141c1dcf24
commit 97f9891166
4 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meta/main.yml
View File

@ -1,7 +1,7 @@
---
galaxy_info:
author: OpenStack
description: Security hardening role for OpenStack Ansible
description: Security hardening role for OpenStack-Ansible
company: OpenStack
license: Apache
min_ansible_version: 1.8

22
tasks/misc.yml
View File

@ -21,10 +21,19 @@
- cat2
- V-38489
- name: Verify that AIDE configuration directory exists
stat:
path: /etc/aide/aide.conf.d
register: aide_conf
always_run: true
tags:
- always
- name: V-38489 - Exclude certain directories from AIDE and initialize DB
template:
src: ZZ_aide_exclusions.j2
dest: /etc/aide/aide.conf.d/ZZ_aide_exclusions
when: aide_conf.stat.exists | bool
notify:
- initialize AIDE
tags:
@ -43,7 +52,9 @@
- name: V-38670 - System must detect unauthorized changes to software and information
fail:
msg: "FAILED: AIDE cron job is missing"
when: v38670_result.stat.exists == False
when:
- not check_mode
- v38670_result.stat.exists == False
tags:
- cat2
- V-38670
@ -125,7 +136,9 @@
- name: V-38624 - System logs must be rotated daily (verify cron job)
fail:
msg: "FAILED: Cron job for logrotate is missing"
when: v38624_result.stat.exists == False
when:
- not check_mode
- v38624_result.stat.exists == False
tags:
- cat3
- V-38624
@ -178,7 +191,10 @@
- name: V-38660 - The snmpd service must only use SNMPv3 or newer
fail:
msg: "FAILED: Insecure SNMP configuration found -- use SNMPv3 only"
when: v38660_snmpd_installed.rc == 0 and v38660_result.rc == 0
when:
- not check_mode
- v38660_snmpd_installed.rc == 0
- v38660_result.rc == 0
tags:
- cat2
- V-38660

3
tests/ansible.cfg
View File

@ -1,2 +1,3 @@
[defaults]
roles_path = ../..
roles_path = ../../
remote_tmp = ../.ansible/tmp/

2
tests/inventory
View File

@ -1,2 +1,2 @@
[all]
localhost ansible_connection=local
localhost ansible_connection=local physical_host=localhost ansible_become=True