We are glad to announce the release of:
ansible-hardening 14.2.10: OpenStack-Ansible: Host security hardening
This release is part of the newton release series.
Download the package from:
https://tarballs.openstack.org/ansible-hardening/
For more details, please see below.
14.2.10 ^^^^^^^
New Features ************
* The ansible-hardening role supports the application of the Red Hat Enterprise Linux 6 STIG configurations to systems running CentOS 7 and Ubuntu 16.04 LTS.
Security Issues ***************
* "PermitRootLogin" in the ssh configuration has changed from "yes" to "without-password". This will only allow ssh to be used to authenticate root via a key.
Changes in ansible-hardening 14.2.3..14.2.10 --------------------------------------------
31bfec7 Change default prohibit root sshd password auth d12b33b Updated from OpenStack Ansible Tests 436b6b6 [Docs] Replace security role references 62d5932 Fix ansible-hardening references in tox/playbook 6bbc4e9 Do not update grub if grub not used c339fcf Fix .gitreview for older branches 5ee3c4e Don't install python-ndg_httpsclient
Diffstat (except docs and test files) -------------------------------------
.gitignore | 7 +- .gitreview | 2 +- README.md | 6 +- README.rst | 4 +- Vagrantfile | 72 ++++++----------- bindep.txt | 22 ++++-- defaults/main.yml | 16 ++-- files/V-38682-modprobe.conf | 2 +- handlers/main.yml | 4 + ...ot-login-without-password-948ec79c6508c19b.yaml | 6 ++ ...support-for-centos-xenial-2b89c318cc3df4b0.yaml | 2 +- setup.cfg | 2 +- tasks/main.yml | 7 ++ tasks/sshd.yml | 28 +++---- tox.ini | 2 +- vars/main.yml | 2 +- vars/redhat.yml | 2 +- vars/ubuntu.yml | 2 +- 29 files changed, 174 insertions(+), 163 deletions(-)