[release-announce] openstack-ansible-security 12.0.14
no-reply at openstack.org
no-reply at openstack.org
Fri May 26 07:54:23 UTC 2017
We are stoked to announce the release of:
openstack-ansible-security 12.0.14: Security hardening role for
openstack-ansible
Download the package from:
https://tarballs.openstack.org/ansible-hardening/
For more details, please see below.
12.0.14
^^^^^^^
Bug Fixes
* The dictionary-based variables in "defaults/main.yml" are now
individual variables. The dictionary-based variables could not be
changed as the documentation instructed. Instead it was required to
override the entire dictionary. Deployers must use the new variable
names to enable or disable the security configuration changes
applied by the security role. For more information, see Launchpad
Bug 1577944 (https://bugs.launchpad.net/openstack-
ansible/+bug/1577944).
* Failed access logging is now disabled by default and can be
enabled by changing "security_audit_failed_access" to "yes". The
rsyslog daemon checks for the existence of log files regularly and
this audit rule was triggered very frequently, which led to very
large audit logs.
* The security role now handles "ssh_config" files that contain
"Match" stanzas. A marker is added to the configuration file and any
new configuration items will be added below that marker. In
addition, the configuration file is validated for each change to the
ssh configuration file.
More information about the Release-announce
mailing list