Arguments and configuration
Argument Value
verbosity 0
ask_pass False
private_key_file None
remote_user None
connection ssh
timeout 5
ssh_common_args
sftp_extra_args
scp_extra_args
ssh_extra_args
force_handlers True
flush_cache None
become False
become_method sudo
become_user None
become_ask_pass False
tags ['all']
skip_tags []
check False
syntax None
diff False
inventory ['/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py', '/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini', '/etc/openstack_deploy/inventory.ini']
listhosts None
subset None
extra_vars Not saved by ARA as configured by 'ignored_arguments'
ask_vault_pass False
vault_password_files []
vault_ids []
forks 5
module_path None
listtasks None
listtags None
step None
start_at_task None
args ['setup-hosts.yml']
Records No records have been saved with ara_record for this playbook.
Files
Hosts
Host Changed Failed Ok Skipped Unreachable
aio1 36 0 112 32 0
Task results
Task Action Status Host Started Duration
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:48:46 +0000 00:00:01.876
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:48:46 +0000 00:00:01.331
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:48:46 +0000 00:00:00.934
ansible-hardening : include_tasks include_tasks changed aio1 Fri, 31 Jan 2020 15:48:46 +0000 00:00:00.437
ansible-hardening : Remove the temporary directory file ok aio1 Fri, 31 Jan 2020 15:48:45 +0000 00:00:00.363
ansible-hardening : Private host key files must have mode 0600 or less file ok aio1 Fri, 31 Jan 2020 15:48:44 +0000 00:00:00.747
ansible-hardening : Determine existing private ssh host keys shell ok aio1 Fri, 31 Jan 2020 15:48:44 +0000 00:00:00.277
ansible-hardening : Public host key files must have mode 0644 or less file ok aio1 Fri, 31 Jan 2020 15:48:43 +0000 00:00:00.758
ansible-hardening : Determine existing public ssh host keys shell ok aio1 Fri, 31 Jan 2020 15:48:43 +0000 00:00:00.285
ansible-hardening : Ensure sshd is enabled at boot time service ok aio1 Fri, 31 Jan 2020 15:48:42 +0000 00:00:00.400
ansible-hardening : Adjust ssh server configuration based on STIG requirements blockinfile changed aio1 Fri, 31 Jan 2020 15:48:42 +0000 00:00:00.312
ansible-hardening : Copy login warning banner copy changed aio1 Fri, 31 Jan 2020 15:48:41 +0000 00:00:00.570
ansible-hardening : Check to see if snmpd config contains public/private shell ok aio1 Fri, 31 Jan 2020 15:48:40 +0000 00:00:00.289
ansible-hardening : Check TFTP configuration mode command skipped aio1 Fri, 31 Jan 2020 15:48:40 +0000 00:00:00.136
ansible-hardening : Check for TFTP server configuration file stat ok aio1 Fri, 31 Jan 2020 15:48:39 +0000 00:00:00.283
ansible-hardening : Check for postfix configuration file stat ok aio1 Fri, 31 Jan 2020 15:48:39 +0000 00:00:00.279
ansible-hardening : Check for interfaces in promiscuous mode shell ok aio1 Fri, 31 Jan 2020 15:48:38 +0000 00:00:00.282
ansible-hardening : V-72281 - For systems using DNS resolution, at least two name servers must be configured. debug ok aio1 Fri, 31 Jan 2020 15:48:38 +0000 00:00:00.167
ansible-hardening : Count nameserver entries in /etc/resolv.conf command ok aio1 Fri, 31 Jan 2020 15:48:37 +0000 00:00:00.278
ansible-hardening : Limit new TCP connections to 25/minute and allow bursting to 100 command skipped aio1 Fri, 31 Jan 2020 15:48:37 +0000 00:00:00.136
ansible-hardening : Check firewalld status command ok aio1 Fri, 31 Jan 2020 15:48:36 +0000 00:00:00.286
ansible-hardening : Check if chrony configuration file exists stat ok aio1 Fri, 31 Jan 2020 15:48:36 +0000 00:00:00.295
ansible-hardening : V-72223 - Set 10 minute timeout on communication sessions blockinfile changed aio1 Fri, 31 Jan 2020 15:48:35 +0000 00:00:00.273
ansible-hardening : Remove old config block for V-72223 from openstack-ansible-security blockinfile ok aio1 Fri, 31 Jan 2020 15:48:35 +0000 00:00:00.270
ansible-hardening : Check if ClamAV update process is already running shell ok aio1 Fri, 31 Jan 2020 15:48:34 +0000 00:00:00.296
ansible-hardening : Remove 'Example' line from ClamAV configuration files lineinfile skipped aio1 Fri, 31 Jan 2020 15:48:33 +0000 00:00:00.156
ansible-hardening : Check if ClamAV is installed stat ok aio1 Fri, 31 Jan 2020 15:48:33 +0000 00:00:00.277
ansible-hardening : V-72209 - The system must send rsyslog output to a log aggregation server. debug ok aio1 Fri, 31 Jan 2020 15:48:32 +0000 00:00:00.150
ansible-hardening : Check if syslog output is being sent to another server command ok aio1 Fri, 31 Jan 2020 15:48:32 +0000 00:00:00.281
ansible-hardening : Check for /tmp on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:48:32 +0000 00:00:00.162
ansible-hardening : Check for /var/log/audit on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:48:31 +0000 00:00:00.154
ansible-hardening : Check for /var on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:48:31 +0000 00:00:00.153
ansible-hardening : Check for /home on mounted filesystem debug ok aio1 Fri, 31 Jan 2020 15:48:31 +0000 00:00:00.160
ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled systemd changed aio1 Fri, 31 Jan 2020 15:48:30 +0000 00:00:00.846
ansible-hardening : Check autofs service command ok aio1 Fri, 31 Jan 2020 15:48:29 +0000 00:00:00.302
ansible-hardening : Check for unlabeled device files command skipped aio1 Fri, 31 Jan 2020 15:48:29 +0000 00:00:00.139
ansible-hardening : Ensure SELinux is in enforcing mode on the next reboot selinux skipped aio1 Fri, 31 Jan 2020 15:48:28 +0000 00:00:00.140
ansible-hardening : Check if apparmor is running command ok aio1 Fri, 31 Jan 2020 15:48:27 +0000 00:00:00.302
ansible-hardening : Check apparmor_status output command ok aio1 Fri, 31 Jan 2020 15:48:27 +0000 00:00:00.406
ansible-hardening : V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled copy changed aio1 Fri, 31 Jan 2020 15:48:26 +0000 00:00:00.542
ansible-hardening : Check if FIPS is enabled command skipped aio1 Fri, 31 Jan 2020 15:48:25 +0000 00:00:00.137
ansible-hardening : Check kdump service command ok aio1 Fri, 31 Jan 2020 15:48:25 +0000 00:00:00.285
ansible-hardening : Set sysctl configurations sysctl changed aio1 Fri, 31 Jan 2020 15:48:22 +0000 00:00:02.558
ansible-hardening : V-71983 - USB mass storage must be disabled. lineinfile changed aio1 Fri, 31 Jan 2020 15:48:22 +0000 00:00:00.285
ansible-hardening : Create a GDM keyfile for machine-wide settings template skipped aio1 Fri, 31 Jan 2020 15:48:21 +0000 00:00:00.266
ansible-hardening : Create dconf directories file skipped aio1 Fri, 31 Jan 2020 15:48:20 +0000 00:00:00.161
ansible-hardening : Check for dconf profiles stat ok aio1 Fri, 31 Jan 2020 15:48:20 +0000 00:00:00.271
ansible-hardening : Check if gdm is installed and configured stat ok aio1 Fri, 31 Jan 2020 15:48:19 +0000 00:00:00.274
ansible-hardening : Check if /etc/cron.allow exists stat ok aio1 Fri, 31 Jan 2020 15:48:18 +0000 00:00:00.285
ansible-hardening : Find all world-writable directories shell skipped aio1 Fri, 31 Jan 2020 15:48:18 +0000 00:00:00.141
ansible-hardening : Set proper owner, group owner, and permissions on home directories file skipped aio1 Fri, 31 Jan 2020 15:48:18 +0000 00:00:00.186
ansible-hardening : Search for files/directories with an invalid group owner command skipped aio1 Fri, 31 Jan 2020 15:48:17 +0000 00:00:00.138
ansible-hardening : Search for files/directories with an invalid owner command skipped aio1 Fri, 31 Jan 2020 15:48:17 +0000 00:00:00.140
ansible-hardening : V-71849 - Reset file permissions/ownership to vendor values shell skipped aio1 Fri, 31 Jan 2020 15:48:16 +0000 00:00:00.144
ansible-hardening : V-71849 - Get packages with incorrect file permissions or ownership shell skipped aio1 Fri, 31 Jan 2020 15:48:16 +0000 00:00:00.147
ansible-hardening : Remove .shosts or shosts.equiv files file skipped aio1 Fri, 31 Jan 2020 15:48:16 +0000 00:00:00.145
ansible-hardening : Ensure .shosts find has finished async_status skipped aio1 Fri, 31 Jan 2020 15:48:15 +0000 00:00:00.139
ansible-hardening : Check for pam_lastlog in PAM configuration command ok aio1 Fri, 31 Jan 2020 15:48:15 +0000 00:00:00.281
ansible-hardening : Check if GRUB2 custom file exists stat ok aio1 Fri, 31 Jan 2020 15:48:14 +0000 00:00:00.283
ansible-hardening : Check if sssd.conf exists stat ok aio1 Fri, 31 Jan 2020 15:48:13 +0000 00:00:00.271
ansible-hardening : Check for '!authenticate' in sudoers files shell ok aio1 Fri, 31 Jan 2020 15:48:13 +0000 00:00:00.287
ansible-hardening : V-71947 - Users must provide a password for privilege escalation. debug ok aio1 Fri, 31 Jan 2020 15:48:12 +0000 00:00:00.163
ansible-hardening : Check for 'nopasswd' in sudoers files shell ok aio1 Fri, 31 Jan 2020 15:48:12 +0000 00:00:00.296
ansible-hardening : Prevent users with blank or null passwords from authenticating (SUSE) lineinfile skipped aio1 Fri, 31 Jan 2020 15:48:11 +0000 00:00:00.170
ansible-hardening : Prevent users with blank or null passwords from authenticating (Red Hat) lineinfile skipped aio1 Fri, 31 Jan 2020 15:48:11 +0000 00:00:00.174
ansible-hardening : Prevent users with blank or null passwords from authenticating (Debian/Ubuntu) lineinfile changed aio1 Fri, 31 Jan 2020 15:48:10 +0000 00:00:00.322
ansible-hardening : Set pam_faildelay configuration on Ubuntu lineinfile changed aio1 Fri, 31 Jan 2020 15:48:10 +0000 00:00:00.306
ansible-hardening : Ensure auditd is running and enabled at boot time service ok aio1 Fri, 31 Jan 2020 15:48:09 +0000 00:00:00.397
ansible-hardening : Adjust auditd/audispd configurations lineinfile changed aio1 Fri, 31 Jan 2020 15:48:08 +0000 00:00:00.932
ansible-hardening : Deploy rules for auditd based on STIG requirements template changed aio1 Fri, 31 Jan 2020 15:48:07 +0000 00:00:00.572
ansible-hardening : Remove old RHEL 6 audit rules file file ok aio1 Fri, 31 Jan 2020 15:48:07 +0000 00:00:00.299
ansible-hardening : Remove system default audit.rules file file changed aio1 Fri, 31 Jan 2020 15:48:06 +0000 00:00:00.305
ansible-hardening : Get valid system architectures for audit rules set_fact ok aio1 Fri, 31 Jan 2020 15:48:06 +0000 00:00:00.154
ansible-hardening : Verify that audisp-remote.conf exists stat ok aio1 Fri, 31 Jan 2020 15:48:05 +0000 00:00:00.286
ansible-hardening : Verify that auditd.conf exists stat ok aio1 Fri, 31 Jan 2020 15:48:05 +0000 00:00:00.292
ansible-hardening : Initialize AIDE (this will take a few minutes) shell skipped aio1 Fri, 31 Jan 2020 15:48:04 +0000 00:00:00.148
ansible-hardening : Check to see if AIDE database is already in place stat ok aio1 Fri, 31 Jan 2020 15:48:04 +0000 00:00:00.261
ansible-hardening : Configure AIDE to verify additional properties (Ubuntu) blockinfile changed aio1 Fri, 31 Jan 2020 15:48:03 +0000 00:00:00.292
ansible-hardening : Exclude certain directories from AIDE template changed aio1 Fri, 31 Jan 2020 15:48:02 +0000 00:00:00.556
ansible-hardening : Verify that AIDE configuration directory exists stat ok aio1 Fri, 31 Jan 2020 15:48:02 +0000 00:00:00.446
ansible-hardening : Print warning for users with an assigned home directory that does not exist debug ok aio1 Fri, 31 Jan 2020 15:48:01 +0000 00:00:00.174
ansible-hardening : Check each user to see if its home directory exists on the filesystem stat ok aio1 Fri, 31 Jan 2020 15:47:56 +0000 00:00:04.896
ansible-hardening : Get all accounts with UID 0 shell ok aio1 Fri, 31 Jan 2020 15:47:55 +0000 00:00:00.269
ansible-hardening : Apply shadow-utils configurations lineinfile changed aio1 Fri, 31 Jan 2020 15:47:55 +0000 00:00:00.500
ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts shell skipped aio1 Fri, 31 Jan 2020 15:47:54 +0000 00:00:00.192
ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts shell skipped aio1 Fri, 31 Jan 2020 15:47:53 +0000 00:00:00.191
ansible-hardening : Check for SHA512 password storage in PAM command ok aio1 Fri, 31 Jan 2020 15:47:53 +0000 00:00:00.271
ansible-hardening : Set password quality requirements blockinfile changed aio1 Fri, 31 Jan 2020 15:47:52 +0000 00:00:00.320
ansible-hardening : Check if /etc/security/pwquality.conf exists stat ok aio1 Fri, 31 Jan 2020 15:47:52 +0000 00:00:00.293
ansible-hardening : V-71979 - Package management tool must verify authenticity of locally-installed packages lineinfile changed aio1 Fri, 31 Jan 2020 15:47:51 +0000 00:00:00.441
ansible-hardening : V-71977 - Package management tool must verify authenticity of packages debug ok aio1 Fri, 31 Jan 2020 15:47:50 +0000 00:00:00.270
ansible-hardening : Search for AllowUnauthenticated in /etc/apt/apt.conf.d/ command ok aio1 Fri, 31 Jan 2020 15:47:50 +0000 00:00:00.284
ansible-hardening : V-71855 - Get files with invalid checksums (apt) shell skipped aio1 Fri, 31 Jan 2020 15:47:49 +0000 00:00:00.138
ansible-hardening : include_tasks include_tasks ok aio1 Fri, 31 Jan 2020 15:47:48 +0000 00:00:00.142
ansible-hardening : Remove packages based on STIG requirements package ok aio1 Fri, 31 Jan 2020 15:47:48 +0000 00:00:00.651
ansible-hardening : Add packages based on STIG requirements package changed aio1 Fri, 31 Jan 2020 15:47:11 +0000 00:00:36.324
ansible-hardening : Get user data for all interactive users on the system get_users ok aio1 Fri, 31 Jan 2020 15:47:10 +0000 00:00:00.275
ansible-hardening : Get user data for all users on the system get_users ok aio1 Fri, 31 Jan 2020 15:47:10 +0000 00:00:00.544
ansible-hardening : Check for .shosts or shosts.equiv files find skipped aio1 Fri, 31 Jan 2020 15:47:09 +0000 00:00:00.144
ansible-hardening : Verify all installed RPM packages shell skipped aio1 Fri, 31 Jan 2020 15:47:09 +0000 00:00:00.138
ansible-hardening : Set a fact for the temporary directory set_fact ok aio1 Fri, 31 Jan 2020 15:47:09 +0000 00:00:00.162
ansible-hardening : Create temporary directory to hold any temporary files command ok aio1 Fri, 31 Jan 2020 15:47:08 +0000 00:00:00.286
ansible-hardening : Check if grub is present on the remote node stat ok aio1 Fri, 31 Jan 2020 15:47:08 +0000 00:00:00.287
ansible-hardening : Set facts set_fact ok aio1 Fri, 31 Jan 2020 15:47:07 +0000 00:00:00.150
ansible-hardening : Check to see if we are booting with EFI or UEFI set_fact ok aio1 Fri, 31 Jan 2020 15:47:07 +0000 00:00:00.152
ansible-hardening : Check for check/audit mode command ok aio1 Fri, 31 Jan 2020 15:47:07 +0000 00:00:00.276
ansible-hardening : Gather variables for each operating system include_vars ok aio1 Fri, 31 Jan 2020 15:47:06 +0000 00:00:00.197
openstack_hosts : Update CA store - Centos command changed aio1 Fri, 31 Jan 2020 15:47:04 +0000 00:00:00.979
openstack_hosts : Copy CA certificates copy skipped aio1 Fri, 31 Jan 2020 15:47:04 +0000 00:00:00.134
openstack_hosts : Update SSH keys authorized_key skipped aio1 Fri, 31 Jan 2020 15:47:04 +0000 00:00:00.138
openstack_hosts : Ensure ssh directory file ok aio1 Fri, 31 Jan 2020 15:47:03 +0000 00:00:00.282
openstack_hosts : Install user defined extra distro packages package skipped aio1 Fri, 31 Jan 2020 15:47:03 +0000 00:00:00.137
openstack_hosts : Install distro packages package changed aio1 Fri, 31 Jan 2020 15:47:00 +0000 00:00:02.399
openstack_hosts : Configure legacy alternative for ebtables on Debian alternatives changed aio1 Fri, 31 Jan 2020 15:47:00 +0000 00:00:00.475
openstack_hosts : Create a directory to hold systemd journals on disk file ok aio1 Fri, 31 Jan 2020 15:46:59 +0000 00:00:00.289
openstack_hosts : Enable sysstat cron template changed aio1 Fri, 31 Jan 2020 15:46:58 +0000 00:00:00.697
openstack_hosts : Enable sysstat config template changed aio1 Fri, 31 Jan 2020 15:46:57 +0000 00:00:00.578
openstack_hosts : Configure sysstat include_tasks ok aio1 Fri, 31 Jan 2020 15:46:57 +0000 00:00:00.156
openstack_hosts : Adding new system tuning sysctl changed aio1 Fri, 31 Jan 2020 15:46:47 +0000 00:00:09.754
openstack_hosts : Write list of modules to load at boot template changed aio1 Fri, 31 Jan 2020 15:46:46 +0000 00:00:00.702
openstack_hosts : Load kernel module(s) modprobe changed aio1 Fri, 31 Jan 2020 15:46:41 +0000 00:00:04.988
openstack_hosts : Fail fast if we can't load a module fail skipped aio1 Fri, 31 Jan 2020 15:46:40 +0000 00:00:00.243
openstack_hosts : check how kernel modules are implemented (statically builtin, dynamic, not set) slurp ok aio1 Fri, 31 Jan 2020 15:46:39 +0000 00:00:00.613
openstack_hosts : Install user defined extra distro packages for bare metal nodes package skipped aio1 Fri, 31 Jan 2020 15:46:38 +0000 00:00:00.215
openstack_hosts : Install distro packages for bare metal nodes package changed aio1 Fri, 31 Jan 2020 15:46:29 +0000 00:00:09.513
openstack_hosts : Update Apt cache apt skipped aio1 Fri, 31 Jan 2020 15:46:28 +0000 00:00:00.132
openstack_hosts : Add/Remove/Update standard and user defined repositories apt_repository skipped aio1 Fri, 31 Jan 2020 15:46:28 +0000 00:00:00.151
openstack_hosts : Remove any old UCA repository using the old filename file ok aio1 Fri, 31 Jan 2020 15:46:27 +0000 00:00:00.340
openstack_hosts : Add requirement packages (repositories gpg keys, toolkits...) apt ok aio1 Fri, 31 Jan 2020 15:46:26 +0000 00:00:00.709
openstack_hosts : Add/Remove repositories gpg keys manually apt_key skipped aio1 Fri, 31 Jan 2020 15:46:26 +0000 00:00:00.163
openstack_hosts : Apply package management distro specific configuration include_tasks ok aio1 Fri, 31 Jan 2020 15:46:25 +0000 00:00:00.149
openstack_hosts : Remove the blacklisted packages package ok aio1 Fri, 31 Jan 2020 15:46:24 +0000 00:00:01.000
openstack_hosts : Update hosts file command ok aio1 Fri, 31 Jan 2020 15:46:23 +0000 00:00:00.505
openstack_hosts : Stat host file stat ok aio1 Fri, 31 Jan 2020 15:46:23 +0000 00:00:00.289
openstack_hosts : Copy templated hosts file entries script template changed aio1 Fri, 31 Jan 2020 15:46:22 +0000 00:00:00.539
openstack_hosts : Drop hosts file entries script locally template changed aio1 Fri, 31 Jan 2020 15:46:21 +0000 00:00:00.593
openstack_hosts : Add global_environment_variables to environment file blockinfile changed aio1 Fri, 31 Jan 2020 15:46:21 +0000 00:00:00.456
openstack_hosts : Drop openstack release file template changed aio1 Fri, 31 Jan 2020 15:46:19 +0000 00:00:00.968
openstack_hosts : Allow the usage of local facts file changed aio1 Fri, 31 Jan 2020 15:46:19 +0000 00:00:00.275
openstack_hosts : Gather variables for each operating system include_vars ok aio1 Fri, 31 Jan 2020 15:46:19 +0000 00:00:00.179
Remove apt package manager proxy file ok aio1 Fri, 31 Jan 2020 15:46:17 +0000 00:00:00.530
include_tasks include_tasks ok aio1 Fri, 31 Jan 2020 15:46:17 +0000 00:00:00.138
Check for a supported Operating System assert ok aio1 Fri, 31 Jan 2020 15:46:16 +0000 00:00:00.150
Ensure python is installed raw ok aio1 Fri, 31 Jan 2020 15:46:14 +0000 00:00:00.369