We are stoked to announce the release of: openstack-ansible-security 15.1.0: OpenStack-Ansible: Host security hardening This release is part of the ocata stable release series. Download the package from: https://tarballs.openstack.org/ansible-hardening/ For more details, please see below. 15.1.0 ^^^^^^ Security Issues * The security role will no longer fix file permissions and ownership based on the contents of the RPM database by default. Deployers can opt in for these changes by setting "security_reset_perm_ownership" to "yes". * The tasks that search for ".shosts" and "shosts.equiv" files (STIG ID: RHEL-07-040330) are now skipped by default. The search takes a long time to complete on systems with lots of files and it also causes a significant amount of disk I/O while it runs. Changes in openstack-ansible-security 15.0.0..15.1.0 ---------------------------------------------------- 032d98f Rename vars/common.yml to vars/main.yml e7dc4ee Enable ntp client functionality with chronyd 160cb80 Make .shosts search/removal opt in 3bc5432 Disable file perm/ownership reset Diffstat (except docs and test files) ------------------------------------- defaults/main.yml | 4 +- ...-rpm-perms-fix-by-default-b164e39717f0ada7.yaml | 6 + ...shosts-file-search-opt-in-887f600a79eef07e.yaml | 7 + tasks/main.yml | 5 - templates/chrony.conf.j2 | 5 +- vars/common.yml | 337 --------------------- vars/main.yml | 331 +++++++++++++++++++- 10 files changed, 354 insertions(+), 364 deletions(-)