openstack/ansible-hardening

Go to file

xuanyandong ae2f3a311b update source link in readme

Change-Id: I7f5a937150ad348e4bd92253a0180ff1ac5940f2

2019-10-05 11:37:36 +08:00

Chrony: new NTP server defaults

2019-01-10 09:48:50 +00:00

Merge "Update the HTTP links to HTTPS in developer-guide.rst."

2019-04-24 20:21:43 +00:00

Add support for the openSUSE Leap distributions

2017-06-27 15:43:53 +01:00

Always quote the filesystem permissions

2017-11-08 10:56:07 -06:00

Verify password age limits [+Docs]

2016-12-08 09:44:23 -06:00

SUSE: Add support for openSUSE Leap 15

2018-08-10 09:48:27 +03:00

Update master for stable/stein

2019-04-08 09:13:17 +00:00

Fix conditional cast to bool

2019-03-15 23:01:45 -05:00

Switch to rtcsync for chrony

2019-01-15 09:35:09 -05:00

Add equalto Jinja2 test for EL7

2017-06-30 09:13:16 -05:00

Add retries to package installations

2018-06-16 19:15:12 -04:00

Replace Fedora 26 with 27

2018-03-07 13:30:45 +00:00

debian: drop stable job

2019-04-08 00:41:06 +00:00

.gitignore

Updated from OpenStack Ansible Tests

2018-10-02 14:56:48 +00:00

.gitreview

OpenDev Migration Patch

2019-04-19 19:34:44 +00:00

.zuul.yaml

import zuul job settings from project-config

2018-08-09 03:12:05 +00:00

bindep.txt

Updated from OpenStack Ansible Tests

2019-05-09 11:36:17 +00:00

LICENSE

Initial import of openstack-ansible-security role

2015-10-07 07:27:39 -05:00

manual-test.rc

Use centralised test scripts

2016-09-28 12:16:50 +01:00

README.md

Add release note link in README

2018-06-29 14:38:56 +08:00

README.rst

update source link in readme

2019-10-05 11:37:36 +08:00

run_tests.sh

Updated from OpenStack Ansible Tests

2019-07-18 22:21:19 +00:00

setup.cfg

Change openstack-dev to openstack-discuss

2018-12-05 23:31:42 +08:00

setup.py

Updated from global requirements

2017-03-02 11:52:32 +00:00

tox.ini

fix tox python3 overrides

2018-11-06 05:22:32 +00:00

Vagrantfile

Updated from OpenStack Ansible Tests

2019-07-18 22:21:19 +00:00

README.md

ansible-hardening

The ansible-hardening role applies security hardening configurations from the Security Technical Implementation Guide (STIG) to systems running the following distributions:

CentOS 7
Debian Jessie
Fedora 27
openSUSE Leap 42.2 and 42.3
Red Hat Enterprise Linux 7
SUSE Linux Enterprise 12 (experimental)
Ubuntu 16.04

For more details, review the ansible-hardening documentation.

Release notes for the project can be found at: https://docs.openstack.org/releasenotes/ansible-hardening

Requirements

This role can be used with or without OpenStack-Ansible. It requires Ansible 2.3 or later.

Role Variables

All of the variables for this role are in defaults/main.yml.

Dependencies

This role has no dependencies.

Example Playbook

Using the role is fairly straightforward:

- hosts: servers
  roles:
     - ansible-hardening

Running with Vagrant

This role can be tested easily on multiple platforms using Vagrant.

The Vagrantfile supports testing on:

Ubuntu 16.04
CentOS 7

To test on all platforms:

vagrant destroy --force && vagrant up

To test on Ubuntu 14.04 only:

vagrant destroy ubuntu1404 --force && vagrant up ubuntu1404

To test on Ubuntu 16.04 only:

vagrant destroy ubuntu1604 --force && vagrant up ubuntu1604

To test on CentOS 7 only:

vagrant destroy centos7 --force && vagrant up centos7

License

Apache 2.0

Author Information

For more information, join #openstack-ansible on Freenode.