Code Review / ta / infra-ansible.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 76de2b3) | patch
FIX: Compliance with Akraino security requirements 66/3966/5
authordave kormann <davek@research.att.com>
Mon, 16 Nov 2020 04:57:24 +0000 (23:57 -0500)
committerdave kormann <davek@research.att.com>
Wed, 9 Dec 2020 15:51:32 +0000 (10:51 -0500)
commit407c56bb4dab1eac542f37c5b0b25cb63133b2f0
tree0fb7cd8e940f5dc31ac9f461c953300eefc3ac2ftree | snapshot
parent76de2b3e9925960e461fd7d26e6cc1d00063078ecommit | diff
FIX: Compliance with Akraino security requirements

This change modifies the SSH and sysctl configurations to comply
with Akraino requirements.  Among the changes:

o Zeroize kernel pointer values in logs
o Allow only members of the 'cloudadmin' group to log in via SSH
o Limit active SSH sessions to 2 per user
o Configure USBGuard with a rudimentary set of permissions

Signed-off-by: dave kormann <davek@research.att.com>
Change-Id: If52aa278b502f487091ed864b8e82acc7ff8f732
roles/ops-hardening/tasks/main.yaml diff | blob | history
roles/ssh_conf_hardening/tasks/main.yaml diff | blob | history
This repository contains all the generic deployment playbooks, which configure services running directly on the host. Includes playbooks for disk partitioning, Ceph configuration, hardening, security, SSH, operating system level user management etc.