Re: [openstack-dev] [openstack-ansible] Security hardening

2015-09-15 Thread Jeff Keopp
k-dev@lists.openstack.org> Date: Monday, September 14, 2015 at 11:34 To: "openstack-dev@lists.openstack.org" <openstack-dev@lists.openstack.org> Subject: Re: [openstack-dev] [openstack-ansible] Security hardening >On 09/14/2015 03:28 AM, Jesse Pretorius wrote: >

Re: [openstack-dev] [openstack-ansible] Security hardening

2015-09-15 Thread Clark, Robert Graham
; > > > >-Original Message- >From: Major Hayden <ma...@mhtx.net> >Reply-To: "OpenStack Development Mailing List (not for usage questions)" ><openstack-dev@lists.openstack.org> >Date: Monday, September 14, 2015 at 11:34 >To: "openstack-dev@li

Re: [openstack-dev] [openstack-ansible] Security hardening

2015-09-14 Thread Matthew Thode
On 09/14/2015 03:28 AM, Jesse Pretorius wrote: > On 10 September 2015 at 19:21, Clint Byrum > wrote: > > Excerpts from Major Hayden's message of 2015-09-10 09:33:27 -0700: > > Hash: SHA256 > > > > On 09/10/2015 11:22 AM, Matthew Thode

Re: [openstack-dev] [openstack-ansible] Security hardening

2015-09-14 Thread Major Hayden
On 09/14/2015 03:28 AM, Jesse Pretorius wrote: > I agree with Clint that this is a good approach. > > If there is an automated way that we can verify the security of an > installation at a reasonable/standardised level then I think we should add a > gate check for it too. Here's a rough draft

Re: [openstack-dev] [openstack-ansible] Security hardening

2015-09-14 Thread Jesse Pretorius
On 10 September 2015 at 19:21, Clint Byrum wrote: > Excerpts from Major Hayden's message of 2015-09-10 09:33:27 -0700: > > Hash: SHA256 > > > > On 09/10/2015 11:22 AM, Matthew Thode wrote: > > > Sane defaults can't be used? The two bugs you listed look fine to me > as > > >

[openstack-dev] [openstack-ansible] Security hardening

2015-09-10 Thread Major Hayden
Hey there, I've been looking for some ways to harden the systems that are deployed by os-ansible-deployment (soon to be openstack-ansible?) and I've been using the Center for Internet Security (CIS)[1] benchmarks as a potential pathway for that. There are benchmarks available for various

Re: [openstack-dev] [openstack-ansible] Security hardening

2015-09-10 Thread Matthew Thode
On 09/10/2015 09:54 AM, Major Hayden wrote: > Hey there, > > I've been looking for some ways to harden the systems that are deployed by > os-ansible-deployment (soon to be openstack-ansible?) and I've been using the > Center for Internet Security (CIS)[1] benchmarks as a potential pathway for

Re: [openstack-dev] [openstack-ansible] Security hardening

2015-09-10 Thread Matthew Thode
On 09/10/2015 11:33 AM, Major Hayden wrote: > On 09/10/2015 11:22 AM, Matthew Thode wrote: >> Sane defaults can't be used? The two bugs you listed look fine to me as >> default things to do. > > Thanks, Matthew. I tend to agree. > > I'm wondering if it would be best to make a "punch list" of

Re: [openstack-dev] [openstack-ansible] Security hardening

2015-09-10 Thread Major Hayden
On 09/10/2015 11:22 AM, Matthew Thode wrote: > Sane defaults can't be used? The two bugs you listed look fine to me as > default things to do. Thanks, Matthew. I tend to agree. I'm wondering if it would be best to make a "punch list" of CIS

Re: [openstack-dev] [openstack-ansible] Security hardening

2015-09-10 Thread Major Hayden
On 09/10/2015 01:21 PM, Clint Byrum wrote: > Just a thought from somebody outside of this. If OSAD can provide the > automation, turned off by default as a convenience, and run a bank of > tests with all of these turned on to make sure they do

Re: [openstack-dev] [openstack-ansible] Security hardening

2015-09-10 Thread Clint Byrum
Excerpts from Major Hayden's message of 2015-09-10 09:33:27 -0700: > Hash: SHA256 > > On 09/10/2015 11:22 AM, Matthew Thode wrote: > > Sane defaults can't be used? The two bugs you listed look fine to me as > > default things to do. > > Thanks, Matthew. I tend to agree. > > I'm wondering if