[openstack-dev] [openstack-ansible] Security hardening

Matthew Thode prometheanfire at gentoo.org
Thu Sep 10 16:57:14 UTC 2015


On 09/10/2015 11:33 AM, Major Hayden wrote:
> On 09/10/2015 11:22 AM, Matthew Thode wrote:
>> Sane defaults can't be used?  The two bugs you listed look fine to me as
>> default things to do.
> 
> Thanks, Matthew.  I tend to agree.
> 
> I'm wondering if it would be best to make a "punch list" of CIS benchmarks and try to tag them with one of the following:
> 
>   * Do this in OSAD
>   * Tell deployers how to do this (in docs)
>   * Tell deployers not to do this (in docs)
> 
> That could be lumped in with a spec/blueprint of some sort.  Would that be beneficial?
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 

I think that'd work, it'd also allow discussion on if something should
be in each section as well.

-- 
Matthew Thode

-- 
-- Matthew Thode (prometheanfire)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150910/a2ccf80e/attachment.pgp>


More information about the OpenStack-dev mailing list