[release-announce] openstack-ansible-security 15.1.0 (ocata)
no-reply at openstack.org
no-reply at openstack.org
Fri May 26 07:55:21 UTC 2017
We are stoked to announce the release of:
openstack-ansible-security 15.1.0: OpenStack-Ansible: Host security
hardening
This release is part of the ocata stable release series.
Download the package from:
https://tarballs.openstack.org/ansible-hardening/
For more details, please see below.
15.1.0
^^^^^^
Security Issues
* The security role will no longer fix file permissions and
ownership based on the contents of the RPM database by default.
Deployers can opt in for these changes by setting
"security_reset_perm_ownership" to "yes".
* The tasks that search for ".shosts" and "shosts.equiv" files (STIG
ID: RHEL-07-040330) are now skipped by default. The search takes a
long time to complete on systems with lots of files and it also
causes a significant amount of disk I/O while it runs.
Changes in openstack-ansible-security 15.0.0..15.1.0
----------------------------------------------------
032d98f Rename vars/common.yml to vars/main.yml
e7dc4ee Enable ntp client functionality with chronyd
160cb80 Make .shosts search/removal opt in
3bc5432 Disable file perm/ownership reset
Diffstat (except docs and test files)
-------------------------------------
defaults/main.yml | 4 +-
...-rpm-perms-fix-by-default-b164e39717f0ada7.yaml | 6 +
...shosts-file-search-opt-in-887f600a79eef07e.yaml | 7 +
tasks/main.yml | 5 -
templates/chrony.conf.j2 | 5 +-
vars/common.yml | 337 ---------------------
vars/main.yml | 331 +++++++++++++++++++-
10 files changed, 354 insertions(+), 364 deletions(-)
More information about the Release-announce
mailing list