Arguments and configuration
Argument Value
verbosity 0
ask_pass False
private_key_file None
remote_user None
connection ssh
timeout 5
ssh_common_args
sftp_extra_args
scp_extra_args
ssh_extra_args
force_handlers True
flush_cache None
become False
become_method sudo
become_user None
become_ask_pass False
tags ['all']
skip_tags []
check False
syntax None
diff False
inventory ['/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py', '/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini', '/etc/openstack_deploy/inventory.ini']
listhosts None
subset None
extra_vars Not saved by ARA as configured by 'ignored_arguments'
ask_vault_pass False
vault_password_files []
vault_ids []
forks 5
module_path None
listtasks None
listtags None
step None
start_at_task None
args ['setup-hosts.yml']
Records No records have been saved with ara_record for this playbook.
Files
Hosts
Host Changed Failed Ok Skipped Unreachable
aio1 38 0 112 30 0
Task results
Task Action Status Host Started Duration
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:10 +0000 00:00:02.489
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:10 +0000 00:00:01.643
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:10 +0000 00:00:01.123
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:10 +0000 00:00:00.486
ansible-hardening : Remove the temporary directory file ok aio1 Fri, 31 Jan 2020 15:53:08 +0000 00:00:00.642
ansible-hardening : Private host key files must have mode 0600 or less file ok aio1 Fri, 31 Jan 2020 15:53:08 +0000 00:00:00.756
ansible-hardening : Determine existing private ssh host keys shell ok aio1 Fri, 31 Jan 2020 15:53:07 +0000 00:00:00.304
ansible-hardening : Public host key files must have mode 0644 or less file ok aio1 Fri, 31 Jan 2020 15:53:06 +0000 00:00:00.759
ansible-hardening : Determine existing public ssh host keys shell ok aio1 Fri, 31 Jan 2020 15:53:05 +0000 00:00:00.308
ansible-hardening : Ensure sshd is enabled at boot time service ok aio1 Fri, 31 Jan 2020 15:53:04 +0000 00:00:00.414
ansible-hardening : Adjust ssh server configuration based on STIG requirements blockinfile changed aio1 Fri, 31 Jan 2020 15:53:04 +0000 00:00:00.341
ansible-hardening : Copy login warning banner copy changed aio1 Fri, 31 Jan 2020 15:53:03 +0000 00:00:00.504
ansible-hardening : Check to see if snmpd config contains public/private shell ok aio1 Fri, 31 Jan 2020 15:53:02 +0000 00:00:00.296
ansible-hardening : Check TFTP configuration mode command skipped aio1 Fri, 31 Jan 2020 15:53:01 +0000 00:00:00.295
ansible-hardening : Check for TFTP server configuration file stat ok aio1 Fri, 31 Jan 2020 15:53:01 +0000 00:00:00.297
ansible-hardening : V-72297 - Prevent unrestricted mail relaying lineinfile changed aio1 Fri, 31 Jan 2020 15:53:00 +0000 00:00:00.314
ansible-hardening : Check for postfix configuration file stat ok aio1 Fri, 31 Jan 2020 15:52:59 +0000 00:00:00.315
ansible-hardening : Check for interfaces in promiscuous mode shell ok aio1 Fri, 31 Jan 2020 15:52:58 +0000 00:00:00.300
ansible-hardening : V-72281 - For systems using DNS resolution, at least two name servers must be configured. debug ok aio1 Fri, 31 Jan 2020 15:52:58 +0000 00:00:00.200
ansible-hardening : Count nameserver entries in /etc/resolv.conf command ok aio1 Fri, 31 Jan 2020 15:52:57 +0000 00:00:00.620
ansible-hardening : Limit new TCP connections to 25/minute and allow bursting to 100 command skipped aio1 Fri, 31 Jan 2020 15:52:56 +0000 00:00:00.173
ansible-hardening : Check firewalld status command ok aio1 Fri, 31 Jan 2020 15:52:55 +0000 00:00:00.634
ansible-hardening : Check if chrony configuration file exists stat ok aio1 Fri, 31 Jan 2020 15:52:54 +0000 00:00:00.319
ansible-hardening : V-72223 - Set 10 minute timeout on communication sessions blockinfile changed aio1 Fri, 31 Jan 2020 15:52:54 +0000 00:00:00.309
ansible-hardening : Remove old config block for V-72223 from openstack-ansible-security blockinfile ok aio1 Fri, 31 Jan 2020 15:52:53 +0000 00:00:00.306
ansible-hardening : Check if ClamAV update process is already running shell ok aio1 Fri, 31 Jan 2020 15:52:52 +0000 00:00:00.325
ansible-hardening : Remove 'Example' line from ClamAV configuration files lineinfile skipped aio1 Fri, 31 Jan 2020 15:52:51 +0000 00:00:00.192
ansible-hardening : Check if ClamAV is installed stat ok aio1 Fri, 31 Jan 2020 15:52:50 +0000 00:00:00.291
ansible-hardening : V-72209 - The system must send rsyslog output to a log aggregation server. debug ok aio1 Fri, 31 Jan 2020 15:52:49 +0000 00:00:00.723
ansible-hardening : Check if syslog output is being sent to another server command ok aio1 Fri, 31 Jan 2020 15:52:48 +0000 00:00:00.352
ansible-hardening : Check for /tmp on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:52:48 +0000 00:00:00.507
ansible-hardening : Check for /var/log/audit on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:52:47 +0000 00:00:00.182
ansible-hardening : Check for /var on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:52:47 +0000 00:00:00.185
ansible-hardening : Check for /home on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:52:46 +0000 00:00:00.186
ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled systemd changed aio1 Fri, 31 Jan 2020 15:52:45 +0000 00:00:00.739
ansible-hardening : Check autofs service command ok aio1 Fri, 31 Jan 2020 15:52:44 +0000 00:00:00.309
ansible-hardening : Check for unlabeled device files command skipped aio1 Fri, 31 Jan 2020 15:52:43 +0000 00:00:00.167
ansible-hardening : Ensure SELinux is in enforcing mode on the next reboot selinux skipped aio1 Fri, 31 Jan 2020 15:52:43 +0000 00:00:00.169
ansible-hardening : Check if apparmor is running command ok aio1 Fri, 31 Jan 2020 15:52:42 +0000 00:00:00.301
ansible-hardening : Check apparmor_status output command ok aio1 Fri, 31 Jan 2020 15:52:41 +0000 00:00:00.434
ansible-hardening : V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled copy changed aio1 Fri, 31 Jan 2020 15:52:40 +0000 00:00:00.856
ansible-hardening : Check if FIPS is enabled command skipped aio1 Fri, 31 Jan 2020 15:52:39 +0000 00:00:00.227
ansible-hardening : Check kdump service command ok aio1 Fri, 31 Jan 2020 15:52:38 +0000 00:00:00.307
ansible-hardening : Set sysctl configurations sysctl changed aio1 Fri, 31 Jan 2020 15:52:36 +0000 00:00:01.997
ansible-hardening : V-71983 - USB mass storage must be disabled. lineinfile changed aio1 Fri, 31 Jan 2020 15:52:35 +0000 00:00:00.360
ansible-hardening : Create a GDM keyfile for machine-wide settings template skipped aio1 Fri, 31 Jan 2020 15:52:34 +0000 00:00:00.188
ansible-hardening : Create dconf directories file skipped aio1 Fri, 31 Jan 2020 15:52:33 +0000 00:00:00.203
ansible-hardening : Check for dconf profiles stat ok aio1 Fri, 31 Jan 2020 15:52:32 +0000 00:00:00.347
ansible-hardening : Check if gdm is installed and configured stat ok aio1 Fri, 31 Jan 2020 15:52:31 +0000 00:00:00.286
ansible-hardening : Check if /etc/cron.allow exists stat ok aio1 Fri, 31 Jan 2020 15:52:30 +0000 00:00:00.294
ansible-hardening : Find all world-writable directories shell skipped aio1 Fri, 31 Jan 2020 15:52:29 +0000 00:00:00.171
ansible-hardening : Set proper owner, group owner, and permissions on home directories file skipped aio1 Fri, 31 Jan 2020 15:52:29 +0000 00:00:00.208
ansible-hardening : Search for files/directories with an invalid group owner command skipped aio1 Fri, 31 Jan 2020 15:52:28 +0000 00:00:00.170
ansible-hardening : Search for files/directories with an invalid owner command skipped aio1 Fri, 31 Jan 2020 15:52:27 +0000 00:00:00.515
ansible-hardening : V-71849 - Reset file permissions/ownership to vendor values shell skipped aio1 Fri, 31 Jan 2020 15:52:26 +0000 00:00:00.453
ansible-hardening : V-71849 - Get packages with incorrect file permissions or ownership shell skipped aio1 Fri, 31 Jan 2020 15:52:25 +0000 00:00:00.177
ansible-hardening : Remove .shosts or shosts.equiv files file skipped aio1 Fri, 31 Jan 2020 15:52:25 +0000 00:00:00.178
ansible-hardening : Ensure .shosts find has finished async_status skipped aio1 Fri, 31 Jan 2020 15:52:25 +0000 00:00:00.171
ansible-hardening : Check for pam_lastlog in PAM configuration command ok aio1 Fri, 31 Jan 2020 15:52:23 +0000 00:00:00.626
ansible-hardening : Check if GRUB2 custom file exists stat ok aio1 Fri, 31 Jan 2020 15:52:21 +0000 00:00:00.309
ansible-hardening : Check if sssd.conf exists stat ok aio1 Fri, 31 Jan 2020 15:52:21 +0000 00:00:00.290
ansible-hardening : Check for '!authenticate' in sudoers files shell ok aio1 Fri, 31 Jan 2020 15:52:20 +0000 00:00:00.297
ansible-hardening : V-71947 - Users must provide a password for privilege escalation. debug ok aio1 Fri, 31 Jan 2020 15:52:20 +0000 00:00:00.193
ansible-hardening : Check for 'nopasswd' in sudoers files shell ok aio1 Fri, 31 Jan 2020 15:52:19 +0000 00:00:00.308
ansible-hardening : Prevent users with blank or null passwords from authenticating (SUSE) lineinfile skipped aio1 Fri, 31 Jan 2020 15:52:18 +0000 00:00:00.194
ansible-hardening : Prevent users with blank or null passwords from authenticating (Red Hat) lineinfile skipped aio1 Fri, 31 Jan 2020 15:52:18 +0000 00:00:00.186
ansible-hardening : Prevent users with blank or null passwords from authenticating (Debian/Ubuntu) lineinfile changed aio1 Fri, 31 Jan 2020 15:52:17 +0000 00:00:00.377
ansible-hardening : Set pam_faildelay configuration on Ubuntu lineinfile changed aio1 Fri, 31 Jan 2020 15:52:17 +0000 00:00:00.311
ansible-hardening : Ensure auditd is running and enabled at boot time service ok aio1 Fri, 31 Jan 2020 15:52:16 +0000 00:00:00.424
ansible-hardening : Adjust auditd/audispd configurations lineinfile changed aio1 Fri, 31 Jan 2020 15:52:14 +0000 00:00:00.920
ansible-hardening : Deploy rules for auditd based on STIG requirements template changed aio1 Fri, 31 Jan 2020 15:52:14 +0000 00:00:00.544
ansible-hardening : Remove old RHEL 6 audit rules file file ok aio1 Fri, 31 Jan 2020 15:52:13 +0000 00:00:00.637
ansible-hardening : Remove system default audit.rules file file changed aio1 Fri, 31 Jan 2020 15:52:12 +0000 00:00:00.642
ansible-hardening : Get valid system architectures for audit rules set_fact ok aio1 Fri, 31 Jan 2020 15:52:11 +0000 00:00:00.180
ansible-hardening : Verify that audisp-remote.conf exists stat ok aio1 Fri, 31 Jan 2020 15:52:10 +0000 00:00:00.641
ansible-hardening : Verify that auditd.conf exists stat ok aio1 Fri, 31 Jan 2020 15:52:09 +0000 00:00:00.307
ansible-hardening : Initialize AIDE (this will take a few minutes) shell skipped aio1 Fri, 31 Jan 2020 15:52:08 +0000 00:00:00.181
ansible-hardening : Check to see if AIDE database is already in place stat ok aio1 Fri, 31 Jan 2020 15:52:07 +0000 00:00:00.303
ansible-hardening : Configure AIDE to verify additional properties (Ubuntu) blockinfile changed aio1 Fri, 31 Jan 2020 15:52:07 +0000 00:00:00.308
ansible-hardening : Exclude certain directories from AIDE template changed aio1 Fri, 31 Jan 2020 15:52:06 +0000 00:00:00.531
ansible-hardening : Verify that AIDE configuration directory exists stat ok aio1 Fri, 31 Jan 2020 15:52:05 +0000 00:00:00.452
ansible-hardening : Print warning for users with an assigned home directory that does not exist debug ok aio1 Fri, 31 Jan 2020 15:52:05 +0000 00:00:00.265
ansible-hardening : Check each user to see if its home directory exists on the filesystem stat ok aio1 Fri, 31 Jan 2020 15:51:59 +0000 00:00:04.425
ansible-hardening : Get all accounts with UID 0 shell ok aio1 Fri, 31 Jan 2020 15:51:58 +0000 00:00:00.292
ansible-hardening : Apply shadow-utils configurations lineinfile changed aio1 Fri, 31 Jan 2020 15:51:56 +0000 00:00:00.638
ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts shell skipped aio1 Fri, 31 Jan 2020 15:51:55 +0000 00:00:00.502
ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts shell skipped aio1 Fri, 31 Jan 2020 15:51:54 +0000 00:00:00.213
ansible-hardening : Check for SHA512 password storage in PAM command ok aio1 Fri, 31 Jan 2020 15:51:53 +0000 00:00:00.309
ansible-hardening : Set password quality requirements blockinfile changed aio1 Fri, 31 Jan 2020 15:51:52 +0000 00:00:00.327
ansible-hardening : Check if /etc/security/pwquality.conf exists stat ok aio1 Fri, 31 Jan 2020 15:51:51 +0000 00:00:00.312
ansible-hardening : V-71979 - Package management tool must verify authenticity of locally-installed packages lineinfile changed aio1 Fri, 31 Jan 2020 15:51:50 +0000 00:00:00.509
ansible-hardening : V-71977 - Package management tool must verify authenticity of packages debug ok aio1 Fri, 31 Jan 2020 15:51:50 +0000 00:00:00.192
ansible-hardening : Search for AllowUnauthenticated in /etc/apt/apt.conf.d/ command ok aio1 Fri, 31 Jan 2020 15:51:49 +0000 00:00:00.322
ansible-hardening : V-71855 - Get files with invalid checksums (apt) shell skipped aio1 Fri, 31 Jan 2020 15:51:48 +0000 00:00:00.225
ansible-hardening : include_tasks include_tasks ok aio1 Fri, 31 Jan 2020 15:51:46 +0000 00:00:00.174
ansible-hardening : Remove packages based on STIG requirements package ok aio1 Fri, 31 Jan 2020 15:51:45 +0000 00:00:00.690
ansible-hardening : Add packages based on STIG requirements package changed aio1 Fri, 31 Jan 2020 15:50:50 +0000 00:00:50.313
ansible-hardening : Get user data for all interactive users on the system get_users ok aio1 Fri, 31 Jan 2020 15:50:49 +0000 00:00:00.290
ansible-hardening : Get user data for all users on the system get_users ok aio1 Fri, 31 Jan 2020 15:50:48 +0000 00:00:00.582
ansible-hardening : Check for .shosts or shosts.equiv files find skipped aio1 Fri, 31 Jan 2020 15:50:47 +0000 00:00:00.742
ansible-hardening : Verify all installed RPM packages shell skipped aio1 Fri, 31 Jan 2020 15:50:47 +0000 00:00:00.173
ansible-hardening : Set a fact for the temporary directory set_fact ok aio1 Fri, 31 Jan 2020 15:50:46 +0000 00:00:00.187
ansible-hardening : Create temporary directory to hold any temporary files command ok aio1 Fri, 31 Jan 2020 15:50:46 +0000 00:00:00.305
ansible-hardening : Check if grub is present on the remote node stat ok aio1 Fri, 31 Jan 2020 15:50:45 +0000 00:00:00.362
ansible-hardening : Set facts set_fact ok aio1 Fri, 31 Jan 2020 15:50:45 +0000 00:00:00.185
ansible-hardening : Check to see if we are booting with EFI or UEFI set_fact ok aio1 Fri, 31 Jan 2020 15:50:44 +0000 00:00:00.184
ansible-hardening : Check for check/audit mode command ok aio1 Fri, 31 Jan 2020 15:50:44 +0000 00:00:00.288
ansible-hardening : Gather variables for each operating system include_vars ok aio1 Fri, 31 Jan 2020 15:50:43 +0000 00:00:00.542
openstack_hosts : Update CA store - Centos command changed aio1 Fri, 31 Jan 2020 15:50:40 +0000 00:00:01.014
openstack_hosts : Copy CA certificates copy skipped aio1 Fri, 31 Jan 2020 15:50:39 +0000 00:00:00.495
openstack_hosts : Update SSH keys authorized_key skipped aio1 Fri, 31 Jan 2020 15:50:39 +0000 00:00:00.172
openstack_hosts : Ensure ssh directory file ok aio1 Fri, 31 Jan 2020 15:50:38 +0000 00:00:00.296
openstack_hosts : Install user defined extra distro packages package skipped aio1 Fri, 31 Jan 2020 15:50:38 +0000 00:00:00.166
openstack_hosts : Install distro packages package changed aio1 Fri, 31 Jan 2020 15:50:35 +0000 00:00:01.942
openstack_hosts : Create a directory to hold systemd journals on disk file ok aio1 Fri, 31 Jan 2020 15:50:34 +0000 00:00:00.301
openstack_hosts : Enable sysstat cron template changed aio1 Fri, 31 Jan 2020 15:50:33 +0000 00:00:00.536
openstack_hosts : Enable sysstat config template changed aio1 Fri, 31 Jan 2020 15:50:33 +0000 00:00:00.536
openstack_hosts : Configure sysstat include_tasks ok aio1 Fri, 31 Jan 2020 15:50:32 +0000 00:00:00.183
openstack_hosts : Adding new system tuning sysctl changed aio1 Fri, 31 Jan 2020 15:50:28 +0000 00:00:04.250
openstack_hosts : Write list of modules to load at boot template changed aio1 Fri, 31 Jan 2020 15:50:26 +0000 00:00:00.823
openstack_hosts : Load kernel module(s) modprobe changed aio1 Fri, 31 Jan 2020 15:50:22 +0000 00:00:04.719
openstack_hosts : Fail fast if we can't load a module fail skipped aio1 Fri, 31 Jan 2020 15:50:21 +0000 00:00:00.192
openstack_hosts : check how kernel modules are implemented (statically builtin, dynamic, not set) slurp ok aio1 Fri, 31 Jan 2020 15:50:13 +0000 00:00:00.575
openstack_hosts : Install user defined extra distro packages for bare metal nodes package skipped aio1 Fri, 31 Jan 2020 15:50:12 +0000 00:00:00.169
openstack_hosts : Install distro packages for bare metal nodes package changed aio1 Fri, 31 Jan 2020 15:50:04 +0000 00:00:07.204
openstack_hosts : Update Apt cache apt ok aio1 Fri, 31 Jan 2020 15:50:00 +0000 00:00:03.953
openstack_hosts : Add/Remove/Update standard and user defined repositories apt_repository changed aio1 Fri, 31 Jan 2020 15:49:59 +0000 00:00:00.812
openstack_hosts : Remove any old UCA repository using the old filename file ok aio1 Fri, 31 Jan 2020 15:49:58 +0000 00:00:00.293
openstack_hosts : Add requirement packages (repositories gpg keys, toolkits...) apt changed aio1 Fri, 31 Jan 2020 15:49:56 +0000 00:00:01.918
openstack_hosts : Add/Remove repositories gpg keys manually apt_key skipped aio1 Fri, 31 Jan 2020 15:49:56 +0000 00:00:00.170
openstack_hosts : Apply package management distro specific configuration include_tasks ok aio1 Fri, 31 Jan 2020 15:49:55 +0000 00:00:00.284
openstack_hosts : Remove the blacklisted packages package ok aio1 Fri, 31 Jan 2020 15:49:54 +0000 00:00:00.969
openstack_hosts : Update hosts file command ok aio1 Fri, 31 Jan 2020 15:49:53 +0000 00:00:00.505
openstack_hosts : Stat host file stat ok aio1 Fri, 31 Jan 2020 15:49:52 +0000 00:00:00.314
openstack_hosts : Copy templated hosts file entries script template changed aio1 Fri, 31 Jan 2020 15:49:52 +0000 00:00:00.636
openstack_hosts : Drop hosts file entries script locally template changed aio1 Fri, 31 Jan 2020 15:49:51 +0000 00:00:00.680
openstack_hosts : Add global_environment_variables to environment file blockinfile changed aio1 Fri, 31 Jan 2020 15:49:50 +0000 00:00:00.546
openstack_hosts : Drop openstack release file template changed aio1 Fri, 31 Jan 2020 15:49:48 +0000 00:00:01.271
openstack_hosts : Allow the usage of local facts file changed aio1 Fri, 31 Jan 2020 15:49:47 +0000 00:00:00.545
openstack_hosts : Gather variables for each operating system include_vars ok aio1 Fri, 31 Jan 2020 15:49:47 +0000 00:00:00.211
Check for a supported Operating System assert ok aio1 Fri, 31 Jan 2020 15:49:46 +0000 00:00:00.174
Ensure python is installed raw ok aio1 Fri, 31 Jan 2020 15:49:43 +0000 00:00:00.374