[release-announce] [openstackansible] ansible-hardening 16.0.5 (pike)

no-reply at openstack.org no-reply at openstack.org
Fri Dec 8 22:17:50 UTC 2017


We are gleeful to announce the release of:

ansible-hardening 16.0.5: OpenStack-Ansible: Host security hardening

This release is part of the pike release series.

Download the package from:

    https://tarballs.openstack.org/ansible-hardening/

For more details, please see below.

16.0.5
^^^^^^

New Features

* The "security_sshd_permit_root_login" setting can now be set to
  change the "PermitRootLogin" setting in "/etc/ssh/sshd_config" to
  any of the possible options. Set "security_sshd_permit_root_login"
  to one of "without-password", "prohibit-password",
  "forced-commands-only", "yes" or "no".

* Searching for world-writable files is now disabled by default. The
  search causes delays in playbook runs and it can consume a
  significant amount of CPU and I/O resources. Deployers can re-enable
  the search by setting "security_find_world_writable_dirs" to "yes".

Changes in ansible-hardening 16.0.4..16.0.5
-------------------------------------------

c05e36f Change PermitRootLogin to allow alternate options
a8afdd1 Fix logic error
5543b54 Fix filesystem permission masks
3360e06 Always search for ssh keys
cfeb649 Always quote the filesystem permissions
8248f89 Optionally search for world-writable files
7364491 rhel7stig: sshd.yml: Respect the STIG sshd configuration


Diffstat (except docs and test files)
-------------------------------------

defaults/main.yml                                  |  4 +++-
handlers/main.yml                                  |  2 +-
.../permitrootlogin_options-a62e33ccc4a69657.yaml  |  8 +++++++
...able-file-search-optional-7420269230a0e22f.yaml |  7 ++++++
tasks/rhel7stig/file_perms.yml                     |  6 +++++-
tasks/rhel7stig/sshd.yml                           | 25 +++++++---------------
templates/sshd_config_block.j2                     |  9 ++++++--
10 files changed, 55 insertions(+), 24 deletions(-)
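
The following is an added example, not part of the announcement or of the ansible-hardening code base. It checks that the "PermitRootLogin" value sshd will actually use matches the value chosen for "security_sshd_permit_root_login". The function names and the sample file contents are constructed for illustration.

```python
import re

# The five values the release note lists for security_sshd_permit_root_login.
ALLOWED = {"yes", "no", "without-password", "prohibit-password",
           "forced-commands-only"}


def _normalize(value):
    """Validate a value and fold the deprecated alias into its current name."""
    value = value.strip('"').lower()
    if value not in ALLOWED:
        raise ValueError(f"unsupported PermitRootLogin value: {value!r}")
    return "prohibit-password" if value == "without-password" else value


def effective_permit_root_login(config_text):
    """Return the global PermitRootLogin value in sshd_config text, or None.

    sshd uses the first value it obtains for a keyword, so a later duplicate
    line has no effect. Lines after a Match keyword are conditional and are
    not treated as the global value.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        args = parts[1].split() if len(parts) == 2 else []
        if keyword == "match":
            break
        if keyword == "permitrootlogin" and args:
            return _normalize(args[0])
    return None


def matches_setting(config_text, wanted):
    """True when the effective value equals the deployer's chosen setting."""
    return effective_permit_root_login(config_text) == _normalize(wanted)


# Constructed sample: an older line precedes the intended one and wins.
SAMPLE = """\
PermitRootLogin yes
# intended setting (constructed example)
PermitRootLogin prohibit-password
Match Address 192.0.2.0/24
    PermitRootLogin no
"""

if __name__ == "__main__":
    print(effective_permit_root_login(SAMPLE))
    print(matches_setting(SAMPLE, "prohibit-password"))
```

On the constructed sample the check reports a mismatch, because the earlier "PermitRootLogin yes" line takes precedence over the intended one.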






