We are stoked to announce the release of: openstack-ansible-security 12.0.14: Security hardening role for openstack-ansible Download the package from: https://tarballs.openstack.org/ansible-hardening/ For more details, please see below. 12.0.14 ^^^^^^^ Bug Fixes * The dictionary-based variables in "defaults/main.yml" are now individual variables. The dictionary-based variables could not be changed as the documentation instructed. Instead it was required to override the entire dictionary. Deployers must use the new variable names to enable or disable the security configuration changes applied by the security role. For more information, see Launchpad Bug 1577944 (https://bugs.launchpad.net/openstack- ansible/+bug/1577944). * Failed access logging is now disabled by default and can be enabled by changing "security_audit_failed_access" to "yes". The rsyslog daemon checks for the existence of log files regularly and this audit rule was triggered very frequently, which led to very large audit logs. * The security role now handles "ssh_config" files that contain "Match" stanzas. A marker is added to the configuration file and any new configuration items will be added below that marker. In addition, the configuration file is validated for each change to the ssh configuration file.