f422da8599
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions. Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
721 B
721 B
---id: V-71999 status: opt-in tag: packages ---
Although the STIG requires that security patches and updates are applied when they are made available, this might be disruptive to some systems. Therefore, the tasks in the security role will not configure automatic updates by default.
Deployers can opt in for automatic package updates by setting the following Ansible variable:
security_rhel7_automatic_package_updates: yesWhen enabled, the tasks install and configure yum-cron
on CentOS and Red Hat Enterprise Linux. On Ubuntu systems, the
unattended-upgrades package is installed and configured. On
openSUSE Leap and SUSE Linux Enterprise systems, a daily cronjob is
installed.