
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions, especially on older Ansible versions.

Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
22 lines
721 B
ReStructuredText
---
id: V-71999
status: opt-in
tag: packages
---

Although the STIG requires that security patches and updates are applied when
they are made available, this might be disruptive to some systems. Therefore,
the tasks in the security role will not configure automatic updates by default.

Deployers can opt in for automatic package updates by setting the following
Ansible variable:

.. code-block:: yaml

    security_rhel7_automatic_package_updates: yes

When enabled, the tasks install and configure ``yum-cron`` on CentOS and Red
Hat Enterprise Linux. On Ubuntu systems, the ``unattended-upgrades`` package
is installed and configured. On openSUSE Leap and SUSE Linux Enterprise systems,
a daily cronjob is installed.
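
Installing ``yum-cron`` or ``unattended-upgrades`` does not by itself mean updates are applied, so the shell check below is an added example (not part of the role or of the original page) that reads the package configuration after a run. The function names are hypothetical and the file paths are the stock yum-cron and APT locations, assumed here; the SUSE cron job is left out because the page does not name its file.

```shell
#!/bin/sh
# Added example, not part of the role. The paths and keys below are the stock
# yum-cron and APT ones (assumed); the page does not list the files it writes.

# Exit 0 if yum-cron is set to apply updates, 1 if not, 2 if file unreadable.
yum_cron_applies_updates() {
    conf="${1:-/etc/yum/yum-cron.conf}"
    [ -r "$conf" ] || return 2
    # Commented-out lines do not match; if the key repeats, check the last one.
    val=$(sed -n 's/^[[:space:]]*apply_updates[[:space:]]*=[[:space:]]*\([A-Za-z0-9]*\).*/\1/p' "$conf" \
        | tail -n 1 | tr 'A-Z' 'a-z')
    case "$val" in
        yes|true|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Exit 0 if APT's periodic unattended-upgrade interval (in days) is above 0,
# 1 if it is 0 or absent, 2 if the file is unreadable.
apt_unattended_enabled() {
    conf="${1:-/etc/apt/apt.conf.d/20auto-upgrades}"
    [ -r "$conf" ] || return 2
    val=$(sed -n 's/^[[:space:]]*APT::Periodic::Unattended-Upgrade[[:space:]]*"\([0-9][0-9]*\)".*/\1/p' "$conf" \
        | tail -n 1)
    [ -n "$val" ] && [ "$val" -gt 0 ]
}

# Constructed sample files, so the checks can be tried offline.
demo=$(mktemp -d)
printf '[commands]\n#apply_updates = yes\napply_updates = no\n' > "$demo/yum-cron.conf"
printf 'APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Unattended-Upgrade "1";\n' \
    > "$demo/20auto-upgrades"

yum_cron_applies_updates "$demo/yum-cron.conf" && echo "yum-cron: applies updates" \
    || echo "yum-cron: installed but not applying updates"
apt_unattended_enabled "$demo/20auto-upgrades" && echo "apt: unattended upgrades on" \
    || echo "apt: unattended upgrades off"
rm -rf "$demo"
```

Called with no argument, each function reads the default path on the host being audited.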