Reviewed: https://review.openstack.org/465967 Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=7db180f80184260aebac5c4df06c31930086b751 Submitter: Jenkins Branch: stable/ocata commit 7db180f80184260aebac5c4df06c31930086b751 Author: Major Hayden <major at mhtx.net> Date: Tue May 16 10:32:13 2017 -0500 Configure AIDE before initial run This patch ensures that AIDE is fully configured before the first database initialization process begins. Manual backport of I209b88afb305828fa6e46de255ef11f5a6645427 was required due to the STIG renaming done in Pike. Change-Id: I41c65e16b61721fecb2aac2251126ce21d7a4353 Closes-Bug: 1686110 ** Tags added: in-stable-ocata -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1686110 Title: AIDE configuration is set AFTER the initial run Status in openstack-ansible: Fix Released Bug description: The "Configure AIDE to verify additional properties" task runs *after* the tasks which do the AIDE initialization. This isn't a problem on CentOS since the default properties meet the STIG requirements, but it does affect Ubuntu. The result is that Ubuntu users may see a huge AIDE update upon their second AIDE run. To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1686110/+subscriptions