Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-10 09:14:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add note about docker under warning

Browse source 
Signed-off-by: Chris McKee <pcdevils@gmail.com>
This commit is contained in:
Chris McKee 2019-03-27 13:02:28 +00:00 committed by Chris McKee
parent 66f6c3c8cf
commit 9108a83a03
No known key found for this signature in database
GPG key ID: 6857CBD5EB59E0C5
1 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
README.md
View file

@ -35,6 +35,20 @@ It will not:
If you're using inspec to test your machines after applying this role, please make sure to add the connecting user to the `os_ignore_users`-variable.
Otherwise inspec will fail. For more information, see [issue #124](https://github.com/dev-sec/ansible-os-hardening/issues/124).
If you're using Docker / Kubernetes+Docker you'll need to override the ipv4 ip forward sysctl setting.
```yaml
- hosts: localhost
roles:
- dev-sec.os-hardening
vars:
sysctl_overwrite:
# Enable IPv4 traffic forwarding.
net.ipv4.ip_forward: 1
```
## Variables
| Name | Default Value | Description |