The openstack-ansible-security role applies security hardening configurations to any system -- those running OpenStack and those that don't -- without disruption.
2. Major Hayden
Principal Architect at Rackspace
● Builds OpenStack private clouds
● OpenStack contributor since Diablo
● Fedora Linux Security Team / Server WG member
● Actually one of the few people who likes SELinux
● Owns far too many domain names
11. IMAGINE A WORLD:
Where you have the freedom to tighten or loosen restrictions at any time
12. IMAGINE A WORLD:
Where you can delight* auditors with proof of compliance
* I’m not sure if an auditor has ever been delighted before, but we are certainly going to try.
13. Get one step closer to that world with openstack-ansible-security.
https://github.com/openstack/openstack-ansible-security
16. The Defense Information Systems Agency (DISA) releases the Security Technical Implementation Guide (STIG).
The Pike release will feature the RHEL 7 STIG final version!
17. The STIG is translated into tasks, templates, and handlers within an Ansible role.
18. The Ansible role is adjusted to avoid disruptions to an OpenStack environment (or other production environments without OpenStack).
(This step also includes lots of documentation and functional tests.)
19. Finally, the role gets final tweaks and translations so that it works well on multiple distributions.
(Every distribution has its quirks, especially with security.)
20. Supported deployments
● Ubuntu 16.04 LTS
● Ubuntu 14.04 LTS (deprecated)
● CentOS 7
● Red Hat Enterprise Linux 7
● x86 and PPC architectures
● With or without OpenStack
● New or existing systems