Arguments and configuration
Argument Value
verbosity 0
ask_pass False
private_key_file None
remote_user None
connection ssh
timeout 5
ssh_common_args
sftp_extra_args
scp_extra_args
ssh_extra_args
force_handlers True
flush_cache None
become False
become_method sudo
become_user None
become_ask_pass False
tags ['all']
skip_tags []
check False
syntax None
diff False
inventory ['/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py', '/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini', '/etc/openstack_deploy/inventory.ini']
listhosts None
subset None
extra_vars Not saved by ARA as configured by 'ignored_arguments'
ask_vault_pass False
vault_password_files []
vault_ids []
forks 5
module_path None
listtasks None
listtags None
step None
start_at_task None
args ['setup-hosts.yml']
Records No records have been saved with ara_record for this playbook.
Files
Hosts
Host Changed Failed Ok Skipped Unreachable
aio1 38 0 114 30 0
Task results
Task Action Status Host Started Duration
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:02 +0000 00:00:02.253
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:02 +0000 00:00:01.628
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:02 +0000 00:00:01.158
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:53:02 +0000 00:00:00.609
ansible-hardening : Remove the temporary directory file ok aio1 Fri, 31 Jan 2020 15:53:01 +0000 00:00:00.325
ansible-hardening : Private host key files must have mode 0600 or less file ok aio1 Fri, 31 Jan 2020 15:53:00 +0000 00:00:00.788
ansible-hardening : Determine existing private ssh host keys shell ok aio1 Fri, 31 Jan 2020 15:53:00 +0000 00:00:00.321
ansible-hardening : Public host key files must have mode 0644 or less file ok aio1 Fri, 31 Jan 2020 15:52:59 +0000 00:00:00.775
ansible-hardening : Determine existing public ssh host keys shell ok aio1 Fri, 31 Jan 2020 15:52:58 +0000 00:00:00.305
ansible-hardening : Ensure sshd is enabled at boot time service ok aio1 Fri, 31 Jan 2020 15:52:58 +0000 00:00:00.421
ansible-hardening : Adjust ssh server configuration based on STIG requirements blockinfile changed aio1 Fri, 31 Jan 2020 15:52:57 +0000 00:00:00.355
ansible-hardening : Copy login warning banner copy changed aio1 Fri, 31 Jan 2020 15:52:56 +0000 00:00:00.536
ansible-hardening : Check to see if snmpd config contains public/private shell ok aio1 Fri, 31 Jan 2020 15:52:56 +0000 00:00:00.302
ansible-hardening : Check TFTP configuration mode command skipped aio1 Fri, 31 Jan 2020 15:52:55 +0000 00:00:00.171
ansible-hardening : Check for TFTP server configuration file stat ok aio1 Fri, 31 Jan 2020 15:52:54 +0000 00:00:00.311
ansible-hardening : V-72297 - Prevent unrestricted mail relaying lineinfile changed aio1 Fri, 31 Jan 2020 15:52:54 +0000 00:00:00.323
ansible-hardening : Check for postfix configuration file stat ok aio1 Fri, 31 Jan 2020 15:52:53 +0000 00:00:00.335
ansible-hardening : Check for interfaces in promiscuous mode shell ok aio1 Fri, 31 Jan 2020 15:52:53 +0000 00:00:00.307
ansible-hardening : V-72281 - For systems using DNS resolution, at least two name servers must be configured. debug ok aio1 Fri, 31 Jan 2020 15:52:52 +0000 00:00:00.216
ansible-hardening : Count nameserver entries in /etc/resolv.conf command ok aio1 Fri, 31 Jan 2020 15:52:52 +0000 00:00:00.310
ansible-hardening : Limit new TCP connections to 25/minute and allow bursting to 100 command skipped aio1 Fri, 31 Jan 2020 15:52:51 +0000 00:00:00.175
ansible-hardening : Check firewalld status command ok aio1 Fri, 31 Jan 2020 15:52:50 +0000 00:00:00.309
ansible-hardening : Check if chrony configuration file exists stat ok aio1 Fri, 31 Jan 2020 15:52:50 +0000 00:00:00.335
ansible-hardening : V-72223 - Set 10 minute timeout on communication sessions blockinfile changed aio1 Fri, 31 Jan 2020 15:52:49 +0000 00:00:00.304
ansible-hardening : Remove old config block for V-72223 from openstack-ansible-security blockinfile ok aio1 Fri, 31 Jan 2020 15:52:48 +0000 00:00:00.328
ansible-hardening : Check if ClamAV update process is already running shell ok aio1 Fri, 31 Jan 2020 15:52:48 +0000 00:00:00.333
ansible-hardening : Remove 'Example' line from ClamAV configuration files lineinfile skipped aio1 Fri, 31 Jan 2020 15:52:47 +0000 00:00:00.193
ansible-hardening : Check if ClamAV is installed stat ok aio1 Fri, 31 Jan 2020 15:52:46 +0000 00:00:00.299
ansible-hardening : V-72209 - The system must send rsyslog output to a log aggregation server. debug ok aio1 Fri, 31 Jan 2020 15:52:46 +0000 00:00:00.195
ansible-hardening : Check if syslog output is being sent to another server command ok aio1 Fri, 31 Jan 2020 15:52:44 +0000 00:00:01.299
ansible-hardening : Check for /tmp on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:52:44 +0000 00:00:00.184
ansible-hardening : Check for /var/log/audit on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:52:44 +0000 00:00:00.185
ansible-hardening : Check for /var on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:52:43 +0000 00:00:00.192
ansible-hardening : Check for /home on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:52:43 +0000 00:00:00.190
ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled systemd changed aio1 Fri, 31 Jan 2020 15:52:42 +0000 00:00:00.840
ansible-hardening : Check autofs service command ok aio1 Fri, 31 Jan 2020 15:52:41 +0000 00:00:00.302
ansible-hardening : Check for unlabeled device files command skipped aio1 Fri, 31 Jan 2020 15:52:40 +0000 00:00:00.167
ansible-hardening : Ensure SELinux is in enforcing mode on the next reboot selinux skipped aio1 Fri, 31 Jan 2020 15:52:40 +0000 00:00:00.167
ansible-hardening : Check if apparmor is running command ok aio1 Fri, 31 Jan 2020 15:52:39 +0000 00:00:00.332
ansible-hardening : Check apparmor_status output command ok aio1 Fri, 31 Jan 2020 15:52:38 +0000 00:00:00.447
ansible-hardening : V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled copy changed aio1 Fri, 31 Jan 2020 15:52:38 +0000 00:00:00.537
ansible-hardening : Check if FIPS is enabled command skipped aio1 Fri, 31 Jan 2020 15:52:37 +0000 00:00:00.169
ansible-hardening : Check kdump service command ok aio1 Fri, 31 Jan 2020 15:52:36 +0000 00:00:00.370
ansible-hardening : Set sysctl configurations sysctl changed aio1 Fri, 31 Jan 2020 15:52:34 +0000 00:00:01.564
ansible-hardening : V-71983 - USB mass storage must be disabled. lineinfile changed aio1 Fri, 31 Jan 2020 15:52:34 +0000 00:00:00.306
ansible-hardening : Create a GDM keyfile for machine-wide settings template skipped aio1 Fri, 31 Jan 2020 15:52:33 +0000 00:00:00.190
ansible-hardening : Create dconf directories file skipped aio1 Fri, 31 Jan 2020 15:52:32 +0000 00:00:00.200
ansible-hardening : Check for dconf profiles stat ok aio1 Fri, 31 Jan 2020 15:52:32 +0000 00:00:00.294
ansible-hardening : Check if gdm is installed and configured stat ok aio1 Fri, 31 Jan 2020 15:52:31 +0000 00:00:00.309
ansible-hardening : Check if /etc/cron.allow exists stat ok aio1 Fri, 31 Jan 2020 15:52:30 +0000 00:00:00.296
ansible-hardening : Find all world-writable directories shell skipped aio1 Fri, 31 Jan 2020 15:52:29 +0000 00:00:00.175
ansible-hardening : Set proper owner, group owner, and permissions on home directories file skipped aio1 Fri, 31 Jan 2020 15:52:29 +0000 00:00:00.229
ansible-hardening : Search for files/directories with an invalid group owner command skipped aio1 Fri, 31 Jan 2020 15:52:28 +0000 00:00:00.169
ansible-hardening : Search for files/directories with an invalid owner command skipped aio1 Fri, 31 Jan 2020 15:52:28 +0000 00:00:00.183
ansible-hardening : V-71849 - Reset file permissions/ownership to vendor values shell skipped aio1 Fri, 31 Jan 2020 15:52:27 +0000 00:00:00.180
ansible-hardening : V-71849 - Get packages with incorrect file permissions or ownership shell skipped aio1 Fri, 31 Jan 2020 15:52:27 +0000 00:00:00.181
ansible-hardening : Remove .shosts or shosts.equiv files file skipped aio1 Fri, 31 Jan 2020 15:52:27 +0000 00:00:00.181
ansible-hardening : Ensure .shosts find has finished async_status skipped aio1 Fri, 31 Jan 2020 15:52:26 +0000 00:00:00.170
ansible-hardening : Check for pam_lastlog in PAM configuration command ok aio1 Fri, 31 Jan 2020 15:52:26 +0000 00:00:00.307
ansible-hardening : Check if GRUB2 custom file exists stat ok aio1 Fri, 31 Jan 2020 15:52:24 +0000 00:00:00.328
ansible-hardening : Check if sssd.conf exists stat ok aio1 Fri, 31 Jan 2020 15:52:24 +0000 00:00:00.303
ansible-hardening : Check for '!authenticate' in sudoers files shell ok aio1 Fri, 31 Jan 2020 15:52:23 +0000 00:00:00.302
ansible-hardening : V-71947 - Users must provide a password for privilege escalation. debug ok aio1 Fri, 31 Jan 2020 15:52:23 +0000 00:00:00.195
ansible-hardening : Check for 'nopasswd' in sudoers files shell ok aio1 Fri, 31 Jan 2020 15:52:22 +0000 00:00:00.305
ansible-hardening : Prevent users with blank or null passwords from authenticating (SUSE) lineinfile skipped aio1 Fri, 31 Jan 2020 15:52:22 +0000 00:00:00.194
ansible-hardening : Prevent users with blank or null passwords from authenticating (Red Hat) lineinfile skipped aio1 Fri, 31 Jan 2020 15:52:21 +0000 00:00:00.197
ansible-hardening : Prevent users with blank or null passwords from authenticating (Debian/Ubuntu) lineinfile changed aio1 Fri, 31 Jan 2020 15:52:21 +0000 00:00:00.331
ansible-hardening : Set pam_faildelay configuration on Ubuntu lineinfile changed aio1 Fri, 31 Jan 2020 15:52:20 +0000 00:00:00.330
ansible-hardening : Ensure auditd is running and enabled at boot time service ok aio1 Fri, 31 Jan 2020 15:52:19 +0000 00:00:00.423
ansible-hardening : Adjust auditd/audispd configurations lineinfile changed aio1 Fri, 31 Jan 2020 15:52:18 +0000 00:00:00.945
ansible-hardening : Deploy rules for auditd based on STIG requirements template changed aio1 Fri, 31 Jan 2020 15:52:17 +0000 00:00:00.577
ansible-hardening : Remove old RHEL 6 audit rules file file ok aio1 Fri, 31 Jan 2020 15:52:17 +0000 00:00:00.301
ansible-hardening : Remove system default audit.rules file file changed aio1 Fri, 31 Jan 2020 15:52:16 +0000 00:00:00.324
ansible-hardening : Get valid system architectures for audit rules set_fact ok aio1 Fri, 31 Jan 2020 15:52:16 +0000 00:00:00.186
ansible-hardening : Verify that audisp-remote.conf exists stat ok aio1 Fri, 31 Jan 2020 15:52:15 +0000 00:00:00.332
ansible-hardening : Verify that auditd.conf exists stat ok aio1 Fri, 31 Jan 2020 15:52:15 +0000 00:00:00.312
ansible-hardening : Initialize AIDE (this will take a few minutes) shell skipped aio1 Fri, 31 Jan 2020 15:52:14 +0000 00:00:00.182
ansible-hardening : Check to see if AIDE database is already in place stat ok aio1 Fri, 31 Jan 2020 15:52:13 +0000 00:00:00.296
ansible-hardening : Configure AIDE to verify additional properties (Ubuntu) blockinfile changed aio1 Fri, 31 Jan 2020 15:52:13 +0000 00:00:00.323
ansible-hardening : Exclude certain directories from AIDE template changed aio1 Fri, 31 Jan 2020 15:52:12 +0000 00:00:00.555
ansible-hardening : Verify that AIDE configuration directory exists stat ok aio1 Fri, 31 Jan 2020 15:52:11 +0000 00:00:00.467
ansible-hardening : Print warning for users with an assigned home directory that does not exist debug ok aio1 Fri, 31 Jan 2020 15:52:11 +0000 00:00:00.209
ansible-hardening : Check each user to see if its home directory exists on the filesystem stat ok aio1 Fri, 31 Jan 2020 15:52:06 +0000 00:00:04.731
ansible-hardening : Get all accounts with UID 0 shell ok aio1 Fri, 31 Jan 2020 15:52:05 +0000 00:00:00.302
ansible-hardening : Apply shadow-utils configurations lineinfile changed aio1 Fri, 31 Jan 2020 15:52:04 +0000 00:00:00.558
ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts shell skipped aio1 Fri, 31 Jan 2020 15:52:03 +0000 00:00:00.218
ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts shell skipped aio1 Fri, 31 Jan 2020 15:52:02 +0000 00:00:00.210
ansible-hardening : Check for SHA512 password storage in PAM command ok aio1 Fri, 31 Jan 2020 15:52:02 +0000 00:00:00.299
ansible-hardening : Set password quality requirements blockinfile changed aio1 Fri, 31 Jan 2020 15:52:01 +0000 00:00:00.338
ansible-hardening : Check if /etc/security/pwquality.conf exists stat ok aio1 Fri, 31 Jan 2020 15:52:00 +0000 00:00:00.345
ansible-hardening : V-71979 - Package management tool must verify authenticity of locally-installed packages lineinfile changed aio1 Fri, 31 Jan 2020 15:51:59 +0000 00:00:00.501
ansible-hardening : V-71977 - Package management tool must verify authenticity of packages debug ok aio1 Fri, 31 Jan 2020 15:51:59 +0000 00:00:00.188
ansible-hardening : Search for AllowUnauthenticated in /etc/apt/apt.conf.d/ command ok aio1 Fri, 31 Jan 2020 15:51:58 +0000 00:00:00.293
ansible-hardening : V-71855 - Get files with invalid checksums (apt) shell skipped aio1 Fri, 31 Jan 2020 15:51:58 +0000 00:00:00.174
ansible-hardening : include_tasks include_tasks ok aio1 Fri, 31 Jan 2020 15:51:56 +0000 00:00:00.176
ansible-hardening : Remove packages based on STIG requirements package ok aio1 Fri, 31 Jan 2020 15:51:55 +0000 00:00:00.819
ansible-hardening : Add packages based on STIG requirements package changed aio1 Fri, 31 Jan 2020 15:51:04 +0000 00:00:51.208
ansible-hardening : Get user data for all interactive users on the system get_users ok aio1 Fri, 31 Jan 2020 15:51:03 +0000 00:00:00.290
ansible-hardening : Get user data for all users on the system get_users ok aio1 Fri, 31 Jan 2020 15:51:02 +0000 00:00:00.594
ansible-hardening : Check for .shosts or shosts.equiv files find skipped aio1 Fri, 31 Jan 2020 15:51:02 +0000 00:00:00.174
ansible-hardening : Verify all installed RPM packages shell skipped aio1 Fri, 31 Jan 2020 15:51:02 +0000 00:00:00.178
ansible-hardening : Set a fact for the temporary directory set_fact ok aio1 Fri, 31 Jan 2020 15:51:01 +0000 00:00:00.190
ansible-hardening : Create temporary directory to hold any temporary files command ok aio1 Fri, 31 Jan 2020 15:51:01 +0000 00:00:00.306
ansible-hardening : Check if grub is present on the remote node stat ok aio1 Fri, 31 Jan 2020 15:51:00 +0000 00:00:00.307
ansible-hardening : Set facts set_fact ok aio1 Fri, 31 Jan 2020 15:51:00 +0000 00:00:00.185
ansible-hardening : Check to see if we are booting with EFI or UEFI set_fact ok aio1 Fri, 31 Jan 2020 15:50:59 +0000 00:00:00.189
ansible-hardening : Check for check/audit mode command ok aio1 Fri, 31 Jan 2020 15:50:59 +0000 00:00:00.306
ansible-hardening : Gather variables for each operating system include_vars ok aio1 Fri, 31 Jan 2020 15:50:59 +0000 00:00:00.221
openstack_hosts : Update CA store - Centos command changed aio1 Fri, 31 Jan 2020 15:50:57 +0000 00:00:01.059
openstack_hosts : Copy CA certificates copy skipped aio1 Fri, 31 Jan 2020 15:50:56 +0000 00:00:00.168
openstack_hosts : Update SSH keys authorized_key skipped aio1 Fri, 31 Jan 2020 15:50:56 +0000 00:00:00.170
openstack_hosts : Ensure ssh directory file ok aio1 Fri, 31 Jan 2020 15:50:55 +0000 00:00:00.296
openstack_hosts : Install user defined extra distro packages package skipped aio1 Fri, 31 Jan 2020 15:50:55 +0000 00:00:00.163
openstack_hosts : Install distro packages package changed aio1 Fri, 31 Jan 2020 15:50:53 +0000 00:00:02.136
openstack_hosts : Create a directory to hold systemd journals on disk file ok aio1 Fri, 31 Jan 2020 15:50:52 +0000 00:00:00.316
openstack_hosts : Enable sysstat cron template changed aio1 Fri, 31 Jan 2020 15:50:51 +0000 00:00:00.672
openstack_hosts : Enable sysstat config template changed aio1 Fri, 31 Jan 2020 15:50:50 +0000 00:00:00.579
openstack_hosts : Configure sysstat include_tasks ok aio1 Fri, 31 Jan 2020 15:50:49 +0000 00:00:00.187
openstack_hosts : Adding new system tuning sysctl changed aio1 Fri, 31 Jan 2020 15:50:45 +0000 00:00:04.470
openstack_hosts : Write list of modules to load at boot template changed aio1 Fri, 31 Jan 2020 15:50:44 +0000 00:00:00.846
openstack_hosts : Load kernel module(s) modprobe changed aio1 Fri, 31 Jan 2020 15:50:38 +0000 00:00:05.015
openstack_hosts : Fail fast if we can't load a module fail skipped aio1 Fri, 31 Jan 2020 15:50:38 +0000 00:00:00.204
openstack_hosts : check how kernel modules are implemented (statically builtin, dynamic, not set) slurp ok aio1 Fri, 31 Jan 2020 15:50:36 +0000 00:00:00.578
openstack_hosts : Install user defined extra distro packages for bare metal nodes package skipped aio1 Fri, 31 Jan 2020 15:50:36 +0000 00:00:00.178
openstack_hosts : Install distro packages for bare metal nodes package changed aio1 Fri, 31 Jan 2020 15:50:27 +0000 00:00:08.386
openstack_hosts : Update Apt cache apt ok aio1 Fri, 31 Jan 2020 15:50:23 +0000 00:00:04.201
openstack_hosts : Add/Remove/Update standard and user defined repositories apt_repository changed aio1 Fri, 31 Jan 2020 15:50:22 +0000 00:00:00.800
openstack_hosts : Remove any old UCA repository using the old filename file ok aio1 Fri, 31 Jan 2020 15:50:21 +0000 00:00:00.304
openstack_hosts : Add requirement packages (repositories gpg keys, toolkits...) apt changed aio1 Fri, 31 Jan 2020 15:50:19 +0000 00:00:02.002
openstack_hosts : Add/Remove repositories gpg keys manually apt_key skipped aio1 Fri, 31 Jan 2020 15:50:18 +0000 00:00:00.178
openstack_hosts : Apply package management distro specific configuration include_tasks ok aio1 Fri, 31 Jan 2020 15:50:18 +0000 00:00:00.161
openstack_hosts : Remove the blacklisted packages package ok aio1 Fri, 31 Jan 2020 15:50:17 +0000 00:00:00.903
openstack_hosts : Update hosts file command ok aio1 Fri, 31 Jan 2020 15:50:16 +0000 00:00:00.571
openstack_hosts : Stat host file stat ok aio1 Fri, 31 Jan 2020 15:50:15 +0000 00:00:00.325
openstack_hosts : Copy templated hosts file entries script template changed aio1 Fri, 31 Jan 2020 15:50:15 +0000 00:00:00.543
openstack_hosts : Drop hosts file entries script locally template changed aio1 Fri, 31 Jan 2020 15:50:14 +0000 00:00:00.684
openstack_hosts : Add global_environment_variables to environment file blockinfile changed aio1 Fri, 31 Jan 2020 15:50:13 +0000 00:00:00.495
openstack_hosts : Drop openstack release file template changed aio1 Fri, 31 Jan 2020 15:50:12 +0000 00:00:00.978
openstack_hosts : Allow the usage of local facts file changed aio1 Fri, 31 Jan 2020 15:50:11 +0000 00:00:00.289
openstack_hosts : Gather variables for each operating system include_vars ok aio1 Fri, 31 Jan 2020 15:50:11 +0000 00:00:00.210
Remove apt package manager proxy file ok aio1 Fri, 31 Jan 2020 15:50:09 +0000 00:00:00.571
include_tasks include_tasks ok aio1 Fri, 31 Jan 2020 15:50:08 +0000 00:00:00.178
Check for a supported Operating System assert ok aio1 Fri, 31 Jan 2020 15:50:08 +0000 00:00:00.181
Ensure python is installed raw ok aio1 Fri, 31 Jan 2020 15:50:06 +0000 00:00:00.364