We are glad to announce the release of: openstack-ansible-security 12.0.16: Security hardening role for openstack-ansible For more details, please see below. 12.0.16 ^^^^^^^ New Features ************ * The audit rules added by the security role now have key fields that make it easier to link the audit log entry to the audit rule that caused it to appear. Bug Fixes ********* * The role previously did not restart the audit daemon after generating a new rules file. The bug (https://launchpad.net/bugs/1590916) has been fixed and the audit daemon will be restarted after any audit rule changes. * When the security role was run in Ansible's check mode and a tag was provided, the "check_mode" variable was not being set. Any tasks which depend on that variable would fail. This bug is fixed (https://bugs.launchpad.net/openstack-ansible/+bug/1590086) and the "check_mode" variable is now set properly on every playbook run. Changes in openstack-ansible-security 12.0.15..12.0.16 ------------------------------------------------------ 6c889d8 Fix documentation warnings from sphinx 9b37a4b Ensure aide-common package is installed 8f3324b Add check/audit to gate testing 6fbe43a Allow AppArmor to be enabled fd51d68 Add key fields to audit rules e26c911 Restart auditd after running augenrules 6213c87 Set check_mode variable every time Diffstat (except docs and test files) ------------------------------------- defaults/main.yml | 8 + handlers/main.yml | 1 + .../notes/augenrules-restart-39fe3e1e2de3eaba.yaml | 5 + .../fix-check-mode-with-tags-bf798856a27c53eb.yaml | 7 + .../improved-audit-rule-keys-9fa85f758386446c.yaml | 5 + tasks/lsm.yml | 40 +++++ tasks/main.yml | 9 +- tasks/misc.yml | 24 +-- templates/osas-auditd.j2 | 184 ++++++++++----------- tox.ini | 16 +- 501 files changed, 1466 insertions(+), 401 deletions(-)