We are gleeful to announce the release of: ansible-hardening 15.1.9: OpenStack-Ansible: Host security hardening This release is part of the ocata stable release series. Download the package from: https://tarballs.openstack.org/ansible-hardening/ For more details, please see below. 15.1.9 ^^^^^^ Security Issues * "PermitRootLogin" in the ssh configuration has changed from "yes" to "without-password". This will only allow ssh to be used to authenticate root via a key. Changes in ansible-hardening 15.1.3..15.1.9 ------------------------------------------- 957c0bc Change default prohibit root sshd password auth 2802c55 Backport bindep change from master 4638a9e Add equalto Jinja2 test for EL7 a2782dd tasks: rhel7stig: aide: Fix conditionals for Ubuntu exclusions 248640b tasks: rhel7stig: aide: Use 'aide -i' if 'aideinit' is not available f9299c5 tasks: rhel7stig: sshd: Avoid using with_fileglob for remote hosts dfaf108 [Docs] Replace security role references d2de624 Fix ansible-hardening references in tox/playbook 49ab633 Remove 'physical_host' from inventory f215c22 Fix .gitreview for older branches 4b6a43d Don't install python-ndg_httpsclient 1dd16ea [Docs] Fix deprecation docs for RHEL 6 content 7db180f Configure AIDE before initial run 1260f81 Check for grub2 defaults file 3a2486f Fix security role gate ae2ea66 Do not update grub if grub not used Diffstat (except docs and test files) ------------------------------------- .gitreview | 2 +- README.md | 23 +++++----- README.rst | 6 +-- bindep.txt | 4 +- defaults/main.yml | 20 ++++---- files/V-38682-modprobe.conf | 2 +- files/aide_extra.conf | 14 ------ handlers/main.yml | 2 + ...ot-login-without-password-948ec79c6508c19b.yaml | 6 +++ setup.cfg | 2 +- tasks/main.yml | 9 +++- tasks/rhel6stig/sshd.yml | 28 ++++++------ tasks/rhel7stig/aide.yml | 53 ++++++++++++++-------- tasks/rhel7stig/auth.yml | 15 +++++- tasks/rhel7stig/kernel.yml | 2 +- tasks/rhel7stig/misc.yml | 3 +- tasks/rhel7stig/sshd.yml | 24 ++++++++-- templates/osas-auditd-rhel7.j2 | 4 +- tox.ini | 15 +----- vars/redhat.yml | 2 +- vars/ubuntu.yml | 2 +- 34 files changed, 212 insertions(+), 168 deletions(-)
participants (1)
-
no-reply@openstack.org