14:["$","div",null,{"className":"mx-auto max-w-7xl px-6 py-10","children":[["$","div",null,{"className":"mb-2","children":["$","$L2",null,{"href":"/stigs","className":"text-link text-sm hover:underline","children":"← Back to STIGs"}]}],["$","div",null,{"className":"mb-6 flex flex-wrap items-center gap-3","children":[["$","h1",null,{"className":"font-display text-3xl font-bold","children":"Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide"}],["$","span",null,{"className":"bg-badge-archived-bg text-badge-archived-text rounded-full px-3 py-1 text-xs font-medium","children":"Archived"}],["$","$L1e",null,{}]]}],["$","section",null,{"className":"border-border bg-surface mb-8 rounded-lg border p-6","children":[["$","div",null,{"className":"grid grid-cols-2 gap-4 sm:grid-cols-5","children":[["$","div",null,{"children":[["$","p",null,{"className":"text-text-muted text-xs","children":"Version"}],["$","p",null,{"className":"font-semibold","children":["V","1","R","2"]}]]}],["$","div",null,{"children":[["$","p",null,{"className":"text-text-muted text-xs","children":"Release Date"}],["$","p",null,{"className":"font-semibold","children":"Oct 25, 2023"}]]}],["$","div",null,{"className":"min-w-0","children":[["$","p",null,{"className":"text-text-muted text-xs","children":"SCAP Benchmark ID"}],["$","p",null,{"className":"truncate font-mono text-sm","title":"S-7e2afba3dc46a26c5de4512be00fc25c1456712c","children":"S-7e2afba3dc46a26c5de4512be00fc25c1456712c"}]]}],["$","div",null,{"children":[["$","p",null,{"className":"text-text-muted text-xs","children":"Total Checks"}],["$","p",null,{"className":"font-semibold","children":16}]]}],["$","div",null,{"children":[["$","p",null,{"className":"text-text-muted text-xs","children":"Tags"}],["$","div",null,{"className":"flex flex-wrap gap-1","children":[["$","span","application",{"className":"bg-tag-bg text-tag-text rounded-full px-2 py-0.5 text-xs","children":"application"}]]}]]}]]}],["$","div",null,{"className":"mt-4 flex gap-4","children":[["$","span",null,{"className":"bg-severity-high-bg text-severity-high-text rounded px-3 py-1 text-sm font-medium","children":["CAT I: ",1]}],["$","span",null,{"className":"bg-severity-medium-bg text-severity-medium-text rounded px-3 py-1 text-sm font-medium","children":["CAT II: ",15]}],["$","span",null,{"className":"bg-severity-low-bg text-severity-low-text rounded px-3 py-1 text-sm font-medium","children":["CAT III: ",0]}]]}],["$","p",null,{"className":"text-text-secondary mt-4 text-sm","children":"This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil."}],["$","div",null,{"className":"mt-4 flex flex-wrap gap-3","children":[["$","a",null,{"href":"/api/export/checklist?stigTitle=Red%20Hat%20Ansible%20Automation%20Controller%20Application%20Server%20Security%20Technical%20Implementation%20Guide&format=ckl","className":"text-text-primary hover:bg-surface-hover border-border rounded border px-3 py-1 text-sm","children":"Export CKL"}],["$","a",null,{"href":"/api/export/checklist?stigTitle=Red%20Hat%20Ansible%20Automation%20Controller%20Application%20Server%20Security%20Technical%20Implementation%20Guide&format=csv","className":"text-text-primary hover:bg-surface-hover border-border rounded border px-3 py-1 text-sm","children":"Export CSV"}],["$","a",null,{"href":"/api/export/checklist?stigTitle=Red%20Hat%20Ansible%20Automation%20Controller%20Application%20Server%20Security%20Technical%20Implementation%20Guide&format=json","className":"text-text-primary hover:bg-surface-hover border-border rounded border px-3 py-1 text-sm","children":"Export JSON"}],false]}]]}],["$","$L1f",null,{"checks":[{"id":"fa3aee5a-62b1-43ef-b16d-a52f65708700","vulnId":"V-256896","severity":"medium","ruleTitle":"Automation Controller must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.","description":"Application management includes the ability to control the number of sessions that utilize an application by all accounts and/or account types. Limiting the number of allowed sessions is helpful in limiting risks related to denial-of-service attacks.

Automation Controllers host and expose business logic and application processes.

Automation Controller limits the maximum number of concurrent sessions in a manner that affects the entire application server or on an individual application basis.

The settings must follow DOD-recommended values, but the settings should be configurable to allow for future DOD direction.

While the DOD will specify recommended values, the values can be adjusted to accommodate the operational requirement of a given system.

Satisfies: SRG-APP-000001-AS-000001, SRG-APP-000295-AS-000263","checkContent":"As a System Administrator for each Automation Controller host, navigate to the Automation Controller web administrator console:
Settings >> System >> Miscellaneous Authentication settings.

Verify the \"Maximum Number of simultaneous logged in sessions\" field is set according to policy.

If this configuration setting does not match the organizationally defined maximum, or is set to -1 (negative one), this is a finding.","fixText":"As a System Administrator for each Automation Controller host, navigate to the Automation Controller web administrator console:
Settings >> System >> Miscellaneous Authentication settings.

Click \"Edit\".

Change \"Maximum Number of simultaneous logged in sessions\" to match the organizationally defined maximum or greater than 0.

Click \"Save\"."},{"id":"3e430cf6-bd4a-4017-a0b7-86141feaa4e6","vulnId":"V-256897","severity":"medium","ruleTitle":"Automation Controller must use encryption strength in accordance with the categorization of the management data during remote access management sessions.","description":"Remote management access is accomplished by leveraging common communication protocols and establishing a remote connection to the application server via a network for the purposes of managing Automation Controller. If cryptography is not used, then the session data traversing the remote connection could be intercepted and compromised.\n\nAutomation Controller is accessed via standard HTTP (redirect)/HTTPS on standard ports, provided by NGINX. A self-signed certificate/key is installed by default; however, a user can provide a locally appropriate certificate and key per their organizational policy. SSL/TLS algorithm support is configured in the /etc./nginx/nginx.conf configuration file.\n\nSatisfies: SRG-APP-000014-AS-000009, SRG-APP-000142-AS-000014, SRG-APP-000172-AS-000120, SRG-APP-000441-AS-000258, SRG-APP-000442-AS-000259","checkContent":"As an unauthenticated user, open a new web browser and go to http://

If not redirected to https://, this is a finding.","fixText":"Enable HTTPS by running the following command:\n\n./setup.sh -e nginx_disable_https=false\n\nThe \"nginx_disable_https\" variable disables HTTPS traffic through NGINX, this is useful if offloading HTTPS to a load balancer.\n\nBy default, this variable is set to false in the installers \"roles/nginx/defaults/main.yml\" file. If a load balancer is not needed, ensure this value has not been set to true."},{"id":"dbcab5e2-b69f-44c8-868d-d818f6b7d2bc","vulnId":"V-256898","severity":"high","ruleTitle":"Automation Controller must implement cryptography mechanisms to protect the integrity of information.","description":"$20","checkContent":"As a System administrator for each Automation Controller host, check if the Operating System is FIPS enabled:

sysctl crypto.fips_enabled

If fips_enabled is not 1, this is a finding.

Verify the installed volume for Automation Controller is on a LUKS encrypted volume command:

AAPROOT='/var/lib/awx' && cryptsetup status `df -T ${AAPROOT} | cut -d ' ' -f 1 | tail -n 1 ` | grep type | grep -i luks || echo \"FAILED\"

If \"FAILED\" is displayed, this is a finding.

Verify this LUKS encrypted volume is using FIPS-compliant cryptographic functions command:

allowed_FIPS_ciphers=('aes.*\$256\\|384\\|512\$') ; echo \"${allowed_FIPS_ciphers[*]}\" | tr ' ' '\\n' >tempfile && cryptsetup status `df -T ${AAPROOT} | cut -d ' ' -f 1 | tail -n 1 ` | grep -e '\$cipher\\|keysize\$' | awk '{print $2}' | paste -s -d '-' | grep -f tempfile 1>/dev/null || echo \"FAILED\" && rm -f tempfile

If the output is not 1, this is a finding.","fixText":"$21"},{"id":"902fce13-9c55-4c4d-b85a-34b53e18d404","vulnId":"V-256899","severity":"medium","ruleTitle":"The Automation Controller management interface must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.","description":"$22","checkContent":"$23","fixText":"$24"},{"id":"8596e1dd-ceaf-4774-a9d7-1a701650842e","vulnId":"V-256900","severity":"medium","ruleTitle":"Automation Controller must use external log providers that can collect user activity logs in independent, protected repositories to prevent modification or repudiation.","description":"Automation Controller must be configured to use external logging to compile log records from multiple components within the server. The events occurring must be time-correlated in order to conduct accurate forensic analysis. In addition, the correlation must meet certain tolerance criteria. For instance, DOD may define that the time stamps of different logged events must not differ by any amount greater than ten seconds. Automation Controller must utilize an external logging tool that provides this capability.\n\nSatisfies: SRG-APP-000080-AS-000045, SRG-APP-000086-AS-000048, SRG-APP-000108-AS-000067, SRG-APP-000125-AS-000084, SRG-APP-000181-AS-000255, SRG-APP-000358-AS-000064, SRG-APP-000505-AS-000230, SRG-APP-000506-AS-000231, SRG-APP-000515-AS-000203","checkContent":"Log in to Automation Controller as an administrator.\n\nNavigate to Settings >> System >> Logging setting.\n\nThe following parameters must be set:\n\nEnable External Logging = On\n\nLogging Aggregator Level Threshold = DEBUG\n\nTCP Connection Timeout = 5 (default) or the organizational timeout\n\nEnable/disable HTTPS certificate verification = On\n\nLogging Aggregator <> (Default) \"Not configured\"\n\nIf any of these settings are incorrect, this is a finding.","fixText":"Log in to Automation Controller as an administrator.

Navigate to Settings >> System >> Logging setting.

Click \"Edit\" and set the following fields:

Enable External Logging = On

Logging Aggregator Level Threshold = DEBUG

TCP Connection Timeout = 5 (default) or the organizational timeout

Enable/disable HTTPS certificate verification = On

Logging Aggregator <> (Default) \"Not configured\"

Click \"Save\"."},{"id":"147cb7c5-fb15-48c8-be99-b3c7d09cb7e3","vulnId":"V-256901","severity":"medium","ruleTitle":"Automation Controller must allocate log record storage capacity and shut down by default upon log failure (unless availability is an overriding concern).","description":"$25","checkContent":"Administrator must check, for each Automation Controller host, the rsyslog configuration to verify the log rollover against an organizationally defined log capture size.\n\nCheck LOG_AGGREGATOR_MAX_DISK_USAGE_GB field in the Automation Controller configuration.\n\nOn the host, execute:\n\nawx-manage print_settings LOG_AGGREGATOR_MAX_DISK_USAGE_GB\n\nIf this field is not set to the organizationally defined log capture size, this is a finding.\n\nCheck LOG_AGGREGATOR_MAX_DISK_USAGE_PATH field in the Automation Controller configuration for the log file location to \"/var/lib/awx\".\n\nOn the host, execute:\nawx-manage print_settings LOG_AGGREGATOR_MAX_DISK_USAGE_PATH \n\nIf this field is not set to \"/var/lib/awx\", this is a finding.","fixText":"Open a web browser and navigate to: https:///api/v2/settings/logging/\n\n(If the \"Log In\" button is displayed, click it, enter an Automation Controller administrator's credentials, and continue.)\n\nIn the Content section, modify the following values:\n\nLOG_AGGREGATOR_MAX_DISK_USAGE_GB = organization-defined requirement for log buffering.\n\nLOG_AGGREGATOR_MAX_DISK_USAGE_PATH = \"/var/lib/awx\"\n\nClick \"PUT\"."},{"id":"aa749112-d4b9-4b14-9ee3-3fd7c581a82e","vulnId":"V-256902","severity":"medium","ruleTitle":"Automation Controller must be configured to fail over to another system in the event of log subsystem failure.","description":"Automation Controller hosts must be capable of failing over to another Automation Controller host which can handle application and logging functions upon detection of an application log processing failure. This will allow continual operation of the application and logging functions while minimizing the loss of operation for the users and loss of log data.\n\nSatisfies: SRG-APP-000109-AS-000070, SRG-APP-000225-AS-000154, SRG-APP-000435-AS-000069","checkContent":"The Administrator must check the Automation Controller is deployed in an HA configuration. \n\nAdministrator must check Automation Controller host via the REST API at api/v2/ping/ HA field for HA configuration. \n\nIf this field is not true, indicating Automation Controller is in an HA configuration, this is a finding.","fixText":"If Automation Controller is not in an HA configuration, the administrator must reinstall Automation Controller."},{"id":"5c33a85e-ae9a-45de-88a2-fa82488c63aa","vulnId":"V-256903","severity":"medium","ruleTitle":"Automation Controller's log files must be accessible by explicitly defined privilege.","description":"A failure of the confidentiality of Automation Controller log files would enable an attacker to identify key information about the system that they might not otherwise be able to obtain that would enable them to enumerate more information to enable escalation or lateral movement.\n\nSatisfies: SRG-APP-000118-AS-000078, SRG-APP-000119-AS-000079, SRG-APP-000120-AS-000080, SRG-APP-000121-AS-000081, SRG-APP-000122-AS-000082, SRG-APP-000123-AS-000083, SRG-APP-000267-AS-000170","checkContent":"As an administrator, log into each Automation Controller host. Inspect the current permissions and owner of Automation Controller's NGINX log directory:
stat -c \"%a %U %G\" /var/log/nginx/ | grep \"770 nginx root\" || echo \"FAILED\"

If \"FAILED\" is displayed, this is a finding.

Inspect the current permissions and owner of Automation Controller's log directory:
$ stat -c \"%a %U %G\" /var/log/tower/ | grep \"750 awx awx\" || echo \"FAILED\"

If \"FAILED\" is displayed, this is a finding.

Inspect the current permissions and owner of Automation Controller's supervisor log directory:
stat -c \"%a %U %G\" /var/log/supervisor/ | grep \"770 root root\" || echo \"FAILED\"

If \"FAILED\" is displayed, this is a finding.","fixText":"As a system administrator for each Automation Controller host, set the permissions and owner of Automation Controller's NGINX log directory:\nchmod 770 /var/log/nginx\nchown nginx:root /var/log/nginx\n\nSet the permissions and owner of Automation Controller's log directory: \nchmod 770 /var/log/tower\nchown awx:awx /var/log/tower\n\nSet the permissions and owner of Automation Controller's supervisor log directory:\nchmod 770 /var/log/supervisor/\nchown root:root /var/log/supervisor/"},{"id":"cb19465a-361f-4969-99a1-7da2a537ff81","vulnId":"V-256904","severity":"medium","ruleTitle":"Automation Controller must be capable of reverting to the last known good configuration in the event of failed installations and upgrades.","description":"Any changes to the components of Automation Controller can have significant effects on the overall security of the system.\n\nIn order to ensure a prompt response to failed application installations and application server upgrades, Automation Controller must provide an automated rollback capability that allows Automation Controller to be restored to a previous known good configuration state prior to the application installation or application server upgrade.","checkContent":"The administrator must make a backup of the last known good configuration of the Automation Controller on each host.\n\nLocate the installer bundle directory that contains the inventory file used to install Ansible Automation Platform.\n\nVerify a backup of the last known good configuration has been made and stored in accordance with the Automation Controller Documentation and organizationally defined policy:\nhttps://docs.ansible.com/automation-controller/latest/html/administration/backup_restore.html\n\nIf no such backup has been made, this is a finding.","fixText":"As System Administrator login to the Controller. Locate the installer bundle directory that contains the inventory file used to install Ansible Automation Platform. From there, run the setup.sh command with the \"-b\" option to perform a backup.\n Example: \"[[installation directory]]/setup.sh -b\"\n\nNote: To revert from a backup, refer to:\nhttps://docs.ansible.com/automation-controller/latest/html/administration/backup_restore.html"},{"id":"6fa05733-afc1-48a6-9a77-f97dbd17609a","vulnId":"V-256905","severity":"medium","ruleTitle":"Automation Controller must be configured to use an enterprise user management system.","description":"Unauthenticated application servers render the organization subject to exploitation. Therefore, application servers must be uniquely identified and authenticated to prevent unauthorized access.

Satisfies: SRG-APP-000148-AS-000101, SRG-APP-000149-AS-000102, SRG-APP-000151-AS-000103, SRG-APP-000177-AS-000126, SRG-APP-000389-AS-000253, SRG-APP-000390-AS-000254, SRG-APP-000391-AS-000239, SRG-APP-000392-AS-000240, SRG-APP-000400-AS-000246, SRG-APP-000401-AS-000243, SRG-APP-000402-AS-000247, SRG-APP-000403-AS-000248, SRG-APP-000404-AS-000249, SRG-APP-000405-AS-000250","checkContent":"The Administrator must check the Automation Controller web administrator console and verify the appropriate authentication provider is configured and the associated fields are complete and accurate.\n\nLog in to Automation Controller as an administrator and navigate to Settings >> Authentication.\n\nIf the organization-defined identity provider is not configured, or any associated fields are incomplete or inaccurate, this is a finding.","fixText":"Log in to Automation Controller as an administrator and navigate to Settings >> Authentication.

Configure the appropriate authentication provider and associated fields for the organization-defined identity provider:

Click on LDAP settings.

Click \"Edit\".

Configure/complete the fields.

Click \"Save\"."},{"id":"4dce1b26-840f-410e-9a7a-5a0a1e870931","vulnId":"V-256906","severity":"medium","ruleTitle":"Automation Controller must be configured to authenticate users individually, prior to using a group authenticator.","description":"Default superuser accounts, such as \"root\", are considered group authenticators. In the case of Automation Controller this is the \"admin\" account.","checkContent":"Log in to the Automation Controller web console as an administrator and navigate to Access >> Users.\n\nThe only local user allowed is the default/breakglass \"admin\". All other users need to come from an external authentication source. If any other local users exist, this is a finding.","fixText":"Log in to the Automation Controller web console as an administrator and navigate to Access >> Users.\n\nClick the Username to be removed.\n\nSelect \"Delete\" and confirm."},{"id":"356a19ba-485c-4a54-b868-97eacf5ccb62","vulnId":"V-256907","severity":"medium","ruleTitle":"Automation Controller must utilize encryption when using LDAP for authentication.","description":"To avoid access with malicious intent, passwords will need to be protected at all times. This includes transmission where passwords must be encrypted for security.","checkContent":"Log in to Automation Controller as an administrator and navigate to Settings >> Authentication >> LDAP settings.\n\nIf an LDAP server is configured but the \"LDAP SERVER URI\" field does not start with \"ldaps://\", this is a finding.","fixText":"Log in to Automation Controller as an administrator and navigate to Settings >> Authentication >> LDAP settings.

Click \"Edit\".

Modify the \"LDAP SERVER URI\" field so that it begins with \"ldaps://\".

Click \"Save\"."},{"id":"6e1dc1a7-0526-48e4-aa23-da96b1c1bb7e","vulnId":"V-256908","severity":"medium","ruleTitle":"Automation Controller must use cryptographic mechanisms to protect the integrity of log tools.","description":"Protecting the integrity of the tools used for logging purposes is a critical step in ensuring the integrity of log data. Log data includes all information (e.g., log records, log settings, and log reports) needed to successfully log information system activity.\n\nIt is not uncommon for attackers to replace the log tools or inject code into the existing tools for the purpose of providing the capability to hide or erase system activity from the logs.\n\nTo address this risk, log tools must be cryptographically signed in order to provide the capability to identify when the log tools have been modified, manipulated, or replaced. An example is a checksum hash of the file or files.\n\nAutomation Controller server log tools must use cryptographic mechanisms to protect the integrity of the tools or allow cryptographic protection mechanisms to be applied to their tools.","checkContent":"As an administrator, log in to each Automation Controller host.\n\nVerify the correct Red Hat RPM signing key is available on each host by listing the keys using the following command:\n\nrpm -qa gpg-pubkey*\n\nManually inspect against publicly listed keys on https://www.redhat.com. If the keys do not match, this is a finding.\n\nImport the key using the following command:\n\nrpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release\n\nVerify the signatures of installed RPMs necessary for Automation Controller:\n\nFor RPM in $(rpm -qa); do rpm -K --nosignature ${RPM} | grep \"NOT OK\" && return 1; done ; echo \"FAILED\"\n\nIf this outputs \"FAILED\", this is a finding.","fixText":"The administrator must reinstall all Automation Controller hosts and Automation Controller."},{"id":"4b9bd3d1-0514-4f61-a6f4-20cfc6682cc9","vulnId":"V-256909","severity":"medium","ruleTitle":"Automation Controller must compare internal application server clocks at least every 24 hours with an authoritative time source.","description":"When conducting forensic analysis and investigating system events, it is critical that timestamps accurately reflect the time of application events. If timestamps are not deemed to be accurate, the integrity of the forensic analysis and the associated determinations are at stake. This leaves the organization and the system vulnerable to intrusions.\n\nSatisfies: SRG-APP-000371-AS-000077, SRG-APP-000372-AS-000212","checkContent":"As a system administrator for each Automation Controller host, ensure the NTP client is configured to synchronize to an organizationally defined NTP server:\n\nchronyc sources\n\nIf the Automation Controller host is not configured to use an organizationally defined NTP server, this is a finding.\n\nEnsure the NTP time synchronization is operational:\n\nchronyc activity | head -n 1 | grep \"200 OK\" >/dev/null || echo \"FAILED\"\nsudo systemctl is-active chrony > /dev/null|| echo \"FAILED\"\n\nIf \"FAILED\" is displayed, this is a finding.","fixText":"As a system administrator, for each Automation Controller host, configure the NTP client to synchronize to an organizationally defined NTP server:\n\nvi /etc/chrony.conf\n\nRestart the Automation Controller host:\n\n$ shutdown -r"},{"id":"839e5d96-041c-469f-ad0f-95f473284e09","vulnId":"V-256910","severity":"medium","ruleTitle":"Automation Controller must only allow the use of DOD PKI-established certificate authorities for verification of the establishment of protected sessions.","description":"An untrusted source may leave the system vulnerable to issues such as unauthorized access, reduced data integrity, loss of confidentiality, etc.\n\nSatisfies: SRG-APP-000427-AS-000264, SRG-APP-000514-AS-000137","checkContent":"$26","fixText":"For each Automation Controller host, the administrator must:\n\nDownload the >>>>;\n\nGenerate the appropriate /etc/tower/tower.key files, certificates, and CSRs and have the organizationally defined PKI authority issue a certificate signed by the >>>>;\n\nPlace the signed certificate in /etc/tower/tower.cert.\n\nPlace the >>>> in /etc/pki/ca-trust/source/anchors.\n\nExecute:\nupdate-ca-trust extract && update-ca-trust;\n\nDownload the latest DOD PKI CA certificate bundle:\n\ncurl https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/certificates_pkcs7_DOD.zip > /root/certificates_pkcs7_DOD.z && gunzip /root/certificates_pkcs7_DOD.z > /etc/pki/ca-trust/source/anchors\n\nInstall trusted root and intermediate CA certificates:\n\nupdate-ca-trust extract && update-ca-trust;"},{"id":"b9b5ae4a-1da2-450b-be3f-fc8d7a5840f3","vulnId":"V-256911","severity":"medium","ruleTitle":"Automation Controller must install security-relevant software updates within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).","description":"Security relevant software updates must be installed within the timeframes directed by an authoritative source in order to maintain the integrity and confidentiality of the system and its organizational assets.","checkContent":"As a system administrator for each Automation Controller host inspect the status of the DNF Automatic timer:\n\nsystemctl status dnf-automatic.timer\n\nIf \"Active: active\" is not included in the output, this is a finding.\n\nInspect the configuration of DNF Automatic:\n\n grep apply_updates /etc/dnf/automatic.conf\n\nIf \"apply_updates = yes\" is not displayed, this is a finding.","fixText":"Install and enable DNF Automatic:\n\ndnf install dnf-automatic\n(run the install)\nsystemctl enable --now dnf-automatic.timer\n\nModify /etc/dnf/automatic.conf and set \"apply_updates = yes\"."}]}]]}]

Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide

Checks (16)