[release-announce] [openstackansible] ansible-hardening 15.1.9 (ocata)

no-reply at openstack.org no-reply at openstack.org
Thu Oct 5 20:47:11 UTC 2017 

We are gleeful to announce the release of:

ansible-hardening 15.1.9: OpenStack-Ansible: Host security hardening

This release is part of the ocata stable release series.

Download the package from:

    https://tarballs.openstack.org/ansible-hardening/

For more details, please see below.

15.1.9
^^^^^^

Security Issues

* "PermitRootLogin" in the ssh configuration has changed from "yes"
  to "without-password".  This will only allow ssh to be used to
  authenticate root via a key.

Changes in ansible-hardening 15.1.3..15.1.9
-------------------------------------------

957c0bc Change default prohibit root sshd password auth
2802c55 Backport bindep change from master
4638a9e Add equalto Jinja2 test for EL7
a2782dd tasks: rhel7stig: aide: Fix conditionals for Ubuntu exclusions
248640b tasks: rhel7stig: aide: Use 'aide -i' if 'aideinit' is not available
f9299c5 tasks: rhel7stig: sshd: Avoid using with_fileglob for remote hosts
dfaf108 [Docs] Replace security role references
d2de624 Fix ansible-hardening references in tox/playbook
49ab633 Remove 'physical_host' from inventory
f215c22 Fix .gitreview for older branches
4b6a43d Don't install python-ndg_httpsclient
1dd16ea [Docs] Fix deprecation docs for RHEL 6 content
7db180f Configure AIDE before initial run
1260f81 Check for grub2 defaults file
3a2486f Fix security role gate
ae2ea66 Do not update grub if grub not used


Diffstat (except docs and test files)
-------------------------------------

.gitreview                                         |  2 +-
README.md                                          | 23 +++++-----
README.rst                                         |  6 +--
bindep.txt                                         |  4 +-
defaults/main.yml                                  | 20 ++++----
files/V-38682-modprobe.conf                        |  2 +-
files/aide_extra.conf                              | 14 ------
handlers/main.yml                                  |  2 +
...ot-login-without-password-948ec79c6508c19b.yaml |  6 +++
setup.cfg                                          |  2 +-
tasks/main.yml                                     |  9 +++-
tasks/rhel6stig/sshd.yml                           | 28 ++++++------
tasks/rhel7stig/aide.yml                           | 53 ++++++++++++++--------
tasks/rhel7stig/auth.yml                           | 15 +++++-
tasks/rhel7stig/kernel.yml                         |  2 +-
tasks/rhel7stig/misc.yml                           |  3 +-
tasks/rhel7stig/sshd.yml                           | 24 ++++++++--
templates/osas-auditd-rhel7.j2                     |  4 +-
tox.ini                                            | 15 +-----
vars/redhat.yml                                    |  2 +-
vars/ubuntu.yml                                    |  2 +-
34 files changed, 212 insertions(+), 168 deletions(-)

More information about the Release-announce mailing list