In order to reduce divergance with ansible-lint rules, we apply
auto-fixing of violations.
In current patch we replace all kind of truthy variables with
`true` or `false` values to align with recommendations along with
alignment of used quotes.
Change-Id: I10eaed0d5f7b2a02379d9708da04ef26c31fba5e
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.
With that we also update metdata to reflect current state.
Change-Id: I1920cd05ac5b4d32ad12bce42d9161a568f288b6
This patch adds variable `security_rhel7_enable_aide`. When it's False,
all AIDE related tasks would be ommited.
Change-Id: I64af348d9f49922ab51d8cd348d987df4263faa1
The path of chrony.keys on CentOS is different
from the one on Ubuntu. So change the definition
of keyfile to use variable defined in vars.
Change-Id: Ibb54318d5fff452857d917e3b13af6bae26a1b55
Signed-off-by: Yifei Xue <xueyifei@huawei.com>
GRUB_PASSWORD is not understood by vanilla grub2 installations. As such,
we can use the recommended method by setting the superusers
environment variable and using the password_pbkdf2 command
Change-Id: I07df3decf5e70b85a7dc48b8a8d1ca86e8878d09
Link: https://www.gnu.org/software/grub/manual/grub/grub.html#Security
Closes-Bug: 1735709
Add support for the openSUSE Leap distributions. The security rules
are similar to the RedHat and Ubuntu ones. We also replace
ansible_os_family with ansible_pkg_mgr since the former does not
return consistent results across different SUSE distributions especially
on older Ansible versions.
Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
