f422da8599
Add support for the openSUSE Leap distributions. The security rules are similar to the RedHat and Ubuntu ones. We also replace ansible_os_family with ansible_pkg_mgr since the former does not return consistent results across different SUSE distributions especially on older Ansible versions. Change-Id: I20ffe17039bb641aad70d8123f0b7e7417a42cba
749 B
749 B
---id: V-72273 status: opt-in tag: misc ---
The STIG requires that a firewall is configured on each server. This
might be disruptive to some environments since the default firewall
policy for firewalld is very restrictive. Therefore, the
tasks in the security role do not install or enable the
firewalld daemon by default.
Deployers can opt in for this change by setting the following Ansible variable:
security_enable_firewalld: yesWarning
Deployers must pre-configure firewalld or copy over a
working XML file in /etc/firewalld/zones/ from another
server. The default firewalld restrictions on Ubuntu, CentOS, Red Hat
Enterprise Linux and openSUSE Leap are highly restrictive.