OpenStack-Ansible: Host security hardening

OpenStack-Ansible: Host security hardening

Abstract

The ansible-hardening role provides security hardening for OpenStack environments deployed with openstack-ansible. The role has multiple goals:

  • Provide additional security in a highly configurable, integrated way without disrupting a production OpenStack environment.
  • Make it easier for organizations to meet the requirements of compliance programs, such as Payment Card Industry Data Security Standard (PCI-DSS).
  • Document all changes to allow deployers to make educated decisions on which security configuration changes to apply.

At this time, the role follows the requirements of the US Government’s Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6.

The easiest method for reviewing the STIG configurations and the relevant metadata is through the STIG Viewer service provided by UCF.

Mitaka: Stable release

The Mitaka release of the ansible-hardening role was first released with the 13.0.0 tag on April 1st, 2016. Refer to the Mitaka release notes for more details on the improvements and fixes.

Ubuntu 14.04 is supported in the Mitaka release.

Liberty: Previous stable release (EOL: 2016-11-17)

Refer to the Liberty release notes for more details on the improvements and fixes.

Ubuntu 14.04 is supported in the Liberty release.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.