Open Stack

We are thrilled to announce the release of:

openstack-ansible-security 13.1.4: Security hardening role for
openstack-ansible

For more details, please see below.

13.1.4
^^^^^^


New Features
************

* The audit rules added by the security role now have key fields
  that make it easier to link the audit log entry to the audit rule
  that caused it to appear.


Bug Fixes
*********

* The role previously did not restart the audit daemon after
  generating a new rules file. The bug
  (https://launchpad.net/bugs/1590916) has been fixed and the audit
  daemon will be restarted after any audit rule changes.

* When the security role was run in Ansible's check mode and a tag
  was provided, the "check_mode" variable was not being set. Any tasks
  which depend on that variable would fail. This bug is fixed
  (https://bugs.launchpad.net/openstack-ansible/+bug/1590086) and the
  "check_mode" variable is now set properly on every playbook run.

Changes in openstack-ansible-security 13.1.3..13.1.4
----------------------------------------------------

d46ef1c Pin test-requirements to match OpenStack requirements
fd168f1 Fix documentation warnings from sphinx
0b966cc Ensure aide-common package is installed
cc45bad Add key fields to audit rules
b10a945 Add check/audit to gate testing
744e9b9 Allow AppArmor to be enabled
bf195e2 Restart auditd after running augenrules
f0848de Set check_mode variable every time


Diffstat (except docs and test files)
-------------------------------------

defaults/main.yml                                  |   8 +
handlers/main.yml                                  |   1 +
.../notes/augenrules-restart-39fe3e1e2de3eaba.yaml |   5 +
.../fix-check-mode-with-tags-bf798856a27c53eb.yaml |   7 +
.../improved-audit-rule-keys-9fa85f758386446c.yaml |   5 +
tasks/lsm.yml                                      |  40 +++++
tasks/main.yml                                     |   9 +-
tasks/misc.yml                                     |  24 +--
templates/osas-auditd.j2                           | 184 ++++++++++-----------
test-requirements.txt                              |   8 +-
tox.ini                                            |  16 +-
502 files changed, 1470 insertions(+), 405 deletions(-)


Requirements updates
--------------------

diff --git a/test-requirements.txt b/test-requirements.txt
index a6cce40..a45faa5 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -3,2 +3,2 @@ ansible>=1.9.1,<2.0.0,!=1.9.6
-bashate
-flake8
+bashate==0.4.0
+flake8>2.4.1,<2.6.0
@@ -7,2 +7,2 @@ flake8
-sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2
-oslosphinx>=2.5.0 # Apache-2.0
+sphinx>=1.1.2,!=1.2.0,!=1.3b1,<1.3  # BSD
+oslosphinx>=2.5.0,!=3.4.0  # Apache-2.0