We are gleeful to announce the release of: ansible-hardening 16.0.5: OpenStack-Ansible: Host security hardening This release is part of the pike release series. Download the package from: https://tarballs.openstack.org/ansible-hardening/ For more details, please see below. 16.0.5 ^^^^^^ New Features * The "security_sshd_permit_root_login" setting can now be set to change the "PermitRootLogin" setting in "/etc/ssh/sshd_config" to any of the possible options. Set "security_sshd_permit_root_login" to one of "without-password", "prohibit-password", "forced-commands- only", "yes" or "no". * Searching for world-writable files is now disabled by default. The search causes delays in playbook runs and it can consume a significant amount of CPU and I/O resources. Deployers can re-enable the search by setting "security_find_world_writable_dirs" to "yes". Changes in ansible-hardening 16.0.4..16.0.5 ------------------------------------------- c05e36f Change PermitRootLogin to allow alternate options a8afdd1 Fix logic error 5543b54 Fix filesystem permission masks 3360e06 Always search for ssh keys cfeb649 Always quote the filesystem permissions 8248f89 Optionally search for world-writable files 7364491 rhel7stig: sshd.yml: Respect the STIG sshd configuration Diffstat (except docs and test files) ------------------------------------- defaults/main.yml | 4 +++- handlers/main.yml | 2 +- .../permitrootlogin_options-a62e33ccc4a69657.yaml | 8 +++++++ ...able-file-search-optional-7420269230a0e22f.yaml | 7 ++++++ tasks/rhel7stig/file_perms.yml | 6 +++++- tasks/rhel7stig/sshd.yml | 25 +++++++--------------- templates/sshd_config_block.j2 | 9 ++++++-- 10 files changed, 55 insertions(+), 24 deletions(-)