Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-09-20 05:11:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

update changelog

Browse source
This commit is contained in:
dev-sec CI 2021-05-05 19:08:21 +00:00
parent 66b0fa28e5
commit 0ce08455ef
1 changed files with 236 additions and 225 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

461
CHANGELOG.md
View file

@ -1,18 +1,29 @@
# Changelog
## [7.6.1](https://github.com/dev-sec/ansible-collection-hardening/tree/7.6.1) (2021-04-28)
## [7.7.0](https://github.com/dev-sec/ansible-collection-hardening/tree/7.7.0) (2021-05-05)
[Full Changelog](https://github.com/dev-sec/ansible-collection-hardening/compare/7.6.0...7.6.1)
[Full Changelog](https://github.com/dev-sec/ansible-collection-hardening/compare/7.6.0...7.7.0)
**Implemented enhancements:**
- Add tasks for new controls [\#123](https://github.com/dev-sec/ansible-collection-hardening/issues/123) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[hacktoberfest](https://github.com/dev-sec/ansible-collection-hardening/labels/hacktoberfest)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- ssh\_allow\_tcp\_forwarding remote option added [\#447](https://github.com/dev-sec/ansible-collection-hardening/pull/447) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([alimli](https://github.com/alimli))
**Fixed bugs:**
- Check for MariaDB Version when selecting users without passwords [\#444](https://github.com/dev-sec/ansible-collection-hardening/pull/444) ([neubi4](https://github.com/neubi4))
- Adds dependency on ansible.posix and community.general [\#415](https://github.com/dev-sec/ansible-collection-hardening/pull/415) ([irl](https://github.com/irl))
- Check for MariaDB Version when selecting users without passwords [\#444](https://github.com/dev-sec/ansible-collection-hardening/pull/444) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([neubi4](https://github.com/neubi4))
- Adds dependency on ansible.posix and community.general [\#415](https://github.com/dev-sec/ansible-collection-hardening/pull/415) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([irl](https://github.com/irl))
**Closed issues:**
- No dependency on ansible.posix collection [\#414](https://github.com/dev-sec/ansible-collection-hardening/issues/414)
- No dependency on community.general [\#413](https://github.com/dev-sec/ansible-collection-hardening/issues/413)
- in lxc/docker/openvz IPv6 is always disabled by ufw-configuration [\#402](https://github.com/dev-sec/ansible-collection-hardening/issues/402)
- Allow login\_unix\_socket to be specified [\#327](https://github.com/dev-sec/ansible-collection-hardening/issues/327)
**Merged pull requests:**
- add back labels to changelog [\#446](https://github.com/dev-sec/ansible-collection-hardening/pull/446) ([rndmh3ro](https://github.com/rndmh3ro))
## [7.6.0](https://github.com/dev-sec/ansible-collection-hardening/tree/7.6.0) (2021-04-27)
@ -20,11 +31,11 @@
**Implemented enhancements:**
- ssh: Client HostKeyAlgorithms configuration variable [\#442](https://github.com/dev-sec/ansible-collection-hardening/pull/442) ([sepek](https://github.com/sepek))
- ssh: Client HostKeyAlgorithms configuration variable [\#442](https://github.com/dev-sec/ansible-collection-hardening/pull/442) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([sepek](https://github.com/sepek))
**Fixed bugs:**
- mysql USER and HOST should be quoted for drop query [\#443](https://github.com/dev-sec/ansible-collection-hardening/pull/443) ([neubi4](https://github.com/neubi4))
- mysql USER and HOST should be quoted for drop query [\#443](https://github.com/dev-sec/ansible-collection-hardening/pull/443) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([neubi4](https://github.com/neubi4))
**Closed issues:**
@ -32,7 +43,7 @@
**Merged pull requests:**
- fixed a typo in comments [\#439](https://github.com/dev-sec/ansible-collection-hardening/pull/439) ([ssttehrani](https://github.com/ssttehrani))
- fixed a typo in comments [\#439](https://github.com/dev-sec/ansible-collection-hardening/pull/439) [[documentation](https://github.com/dev-sec/ansible-collection-hardening/labels/documentation)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([ssttehrani](https://github.com/ssttehrani))
## [7.5.0](https://github.com/dev-sec/ansible-collection-hardening/tree/7.5.0) (2021-04-01)
@ -40,12 +51,12 @@
**Implemented enhancements:**
- Not accepting source routing for IPv6. This was already done for IPv4. [\#424](https://github.com/dev-sec/ansible-collection-hardening/pull/424) ([joubbi](https://github.com/joubbi))
- Not accepting source routing for IPv6. This was already done for IPv4. [\#424](https://github.com/dev-sec/ansible-collection-hardening/pull/424) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([joubbi](https://github.com/joubbi))
**Fixed bugs:**
- SSH kex sntrup4591761x25519-sha512@tinyssh.org replaced [\#433](https://github.com/dev-sec/ansible-collection-hardening/issues/433)
- Fix ssh kex sntrup761x25519-sha512@openssh.com for openssh \>= 8.5 [\#437](https://github.com/dev-sec/ansible-collection-hardening/pull/437) ([BenjaminBoehm](https://github.com/BenjaminBoehm))
- SSH kex sntrup4591761x25519-sha512@tinyssh.org replaced [\#433](https://github.com/dev-sec/ansible-collection-hardening/issues/433) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- Fix ssh kex sntrup761x25519-sha512@openssh.com for openssh \>= 8.5 [\#437](https://github.com/dev-sec/ansible-collection-hardening/pull/437) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([BenjaminBoehm](https://github.com/BenjaminBoehm))
**Closed issues:**
@ -53,12 +64,12 @@
**Merged pull requests:**
- remove secure-auth param if mysql \>= 8.0.3 [\#438](https://github.com/dev-sec/ansible-collection-hardening/pull/438) ([rndmh3ro](https://github.com/rndmh3ro))
- Improved comments. [\#436](https://github.com/dev-sec/ansible-collection-hardening/pull/436) ([joubbi](https://github.com/joubbi))
- os\_auth\_pam\_pwquality\_options: Changed type to authtok\_type [\#432](https://github.com/dev-sec/ansible-collection-hardening/pull/432) ([joubbi](https://github.com/joubbi))
- add restart-auditd handler after configuration change [\#427](https://github.com/dev-sec/ansible-collection-hardening/pull/427) ([rndmh3ro](https://github.com/rndmh3ro))
- add new tasks to delete mysql users without passwords [\#423](https://github.com/dev-sec/ansible-collection-hardening/pull/423) ([rndmh3ro](https://github.com/rndmh3ro))
- Uppercased first letter of task names. [\#422](https://github.com/dev-sec/ansible-collection-hardening/pull/422) ([joubbi](https://github.com/joubbi))
- remove secure-auth param if mysql \>= 8.0.3 [\#438](https://github.com/dev-sec/ansible-collection-hardening/pull/438) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([rndmh3ro](https://github.com/rndmh3ro))
- Improved comments. [\#436](https://github.com/dev-sec/ansible-collection-hardening/pull/436) [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([joubbi](https://github.com/joubbi))
- os\_auth\_pam\_pwquality\_options: Changed type to authtok\_type [\#432](https://github.com/dev-sec/ansible-collection-hardening/pull/432) [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([joubbi](https://github.com/joubbi))
- add restart-auditd handler after configuration change [\#427](https://github.com/dev-sec/ansible-collection-hardening/pull/427) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([rndmh3ro](https://github.com/rndmh3ro))
- add new tasks to delete mysql users without passwords [\#423](https://github.com/dev-sec/ansible-collection-hardening/pull/423) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([rndmh3ro](https://github.com/rndmh3ro))
- Uppercased first letter of task names. [\#422](https://github.com/dev-sec/ansible-collection-hardening/pull/422) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([joubbi](https://github.com/joubbi))
## [7.4.0](https://github.com/dev-sec/ansible-collection-hardening/tree/7.4.0) (2021-03-23)
@ -66,7 +77,7 @@
**Implemented enhancements:**
- Harden user home dirs [\#428](https://github.com/dev-sec/ansible-collection-hardening/pull/428) ([rndmh3ro](https://github.com/rndmh3ro))
- Harden user home dirs [\#428](https://github.com/dev-sec/ansible-collection-hardening/pull/428) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([rndmh3ro](https://github.com/rndmh3ro))
**Closed issues:**
@ -74,10 +85,10 @@
**Merged pull requests:**
- Use pam\_pwhistory.so instead of pam\_unix.so for remembering old passwords [\#431](https://github.com/dev-sec/ansible-collection-hardening/pull/431) ([joubbi](https://github.com/joubbi))
- Remove comments from PAM config file, but keep it in the template [\#430](https://github.com/dev-sec/ansible-collection-hardening/pull/430) ([joubbi](https://github.com/joubbi))
- add support for using a proxy to test with molecule [\#429](https://github.com/dev-sec/ansible-collection-hardening/pull/429) ([rndmh3ro](https://github.com/rndmh3ro))
- Improve Documentation for sysctl defaults [\#418](https://github.com/dev-sec/ansible-collection-hardening/pull/418) ([joubbi](https://github.com/joubbi))
- Use pam\_pwhistory.so instead of pam\_unix.so for remembering old passwords [\#431](https://github.com/dev-sec/ansible-collection-hardening/pull/431) [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([joubbi](https://github.com/joubbi))
- Remove comments from PAM config file, but keep it in the template [\#430](https://github.com/dev-sec/ansible-collection-hardening/pull/430) [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([joubbi](https://github.com/joubbi))
- add support for using a proxy to test with molecule [\#429](https://github.com/dev-sec/ansible-collection-hardening/pull/429) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([rndmh3ro](https://github.com/rndmh3ro))
- Improve Documentation for sysctl defaults [\#418](https://github.com/dev-sec/ansible-collection-hardening/pull/418) [[documentation](https://github.com/dev-sec/ansible-collection-hardening/labels/documentation)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([joubbi](https://github.com/joubbi))
## [7.3.0](https://github.com/dev-sec/ansible-collection-hardening/tree/7.3.0) (2021-03-16)
@ -85,16 +96,16 @@
**Implemented enhancements:**
- pam\_tally2 is deprecated in RHEL8 and pam\_faillock should be used in EL7 and EL8 instead. [\#377](https://github.com/dev-sec/ansible-collection-hardening/issues/377)
- Replace pam\_tally2 with pam\_faillock in Redhat [\#273](https://github.com/dev-sec/ansible-collection-hardening/issues/273)
- Extend GSSAPI configuration support to ssh\_config [\#403](https://github.com/dev-sec/ansible-collection-hardening/pull/403) ([wzzrd](https://github.com/wzzrd))
- add restart handler variable for mysql role [\#399](https://github.com/dev-sec/ansible-collection-hardening/pull/399) ([rndmh3ro](https://github.com/rndmh3ro))
- restructure PAM handling and update for currently supported Linux distributions [\#392](https://github.com/dev-sec/ansible-collection-hardening/pull/392) ([schurzi](https://github.com/schurzi))
- pam\_tally2 is deprecated in RHEL8 and pam\_faillock should be used in EL7 and EL8 instead. [\#377](https://github.com/dev-sec/ansible-collection-hardening/issues/377) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)]
- Replace pam\_tally2 with pam\_faillock in Redhat [\#273](https://github.com/dev-sec/ansible-collection-hardening/issues/273) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)]
- Extend GSSAPI configuration support to ssh\_config [\#403](https://github.com/dev-sec/ansible-collection-hardening/pull/403) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([wzzrd](https://github.com/wzzrd))
- add restart handler variable for mysql role [\#399](https://github.com/dev-sec/ansible-collection-hardening/pull/399) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] ([rndmh3ro](https://github.com/rndmh3ro))
- restructure PAM handling and update for currently supported Linux distributions [\#392](https://github.com/dev-sec/ansible-collection-hardening/pull/392) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([schurzi](https://github.com/schurzi))
**Fixed bugs:**
- Not able to use `sudo` command for user authenticated via ActiveDirectory [\#278](https://github.com/dev-sec/ansible-collection-hardening/issues/278)
- You shouldn't touch /etc/pam.d/system-auth-ac in RedHat/CentOS [\#252](https://github.com/dev-sec/ansible-collection-hardening/issues/252)
- Not able to use `sudo` command for user authenticated via ActiveDirectory [\#278](https://github.com/dev-sec/ansible-collection-hardening/issues/278) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)]
- You shouldn't touch /etc/pam.d/system-auth-ac in RedHat/CentOS [\#252](https://github.com/dev-sec/ansible-collection-hardening/issues/252) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)]
**Closed issues:**
@ -102,17 +113,17 @@
- Unable to connect with SSH \(Permission denied \(publickey\)\) [\#411](https://github.com/dev-sec/ansible-collection-hardening/issues/411)
- TASK \[os\_hardening : configure auditd | package-08\] [\#410](https://github.com/dev-sec/ansible-collection-hardening/issues/410)
- Collection throws undefined ansible\_role\_name error in auditd task [\#409](https://github.com/dev-sec/ansible-collection-hardening/issues/409)
- Ensure permissions on /etc/crontab are configured [\#375](https://github.com/dev-sec/ansible-collection-hardening/issues/375)
- Ensure permissions on /etc/crontab are configured [\#375](https://github.com/dev-sec/ansible-collection-hardening/issues/375) [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)]
- Documentation should be updated [\#361](https://github.com/dev-sec/ansible-collection-hardening/issues/361)
**Merged pull requests:**
- Improve Release Action [\#421](https://github.com/dev-sec/ansible-collection-hardening/pull/421) ([schurzi](https://github.com/schurzi))
- remove FQCN from roles in examples [\#420](https://github.com/dev-sec/ansible-collection-hardening/pull/420) ([schurzi](https://github.com/schurzi))
- Ensure permissions on /etc/crontab are configured [\#405](https://github.com/dev-sec/ansible-collection-hardening/pull/405) ([joubbi](https://github.com/joubbi))
- remove FQCN from roles in examples [\#404](https://github.com/dev-sec/ansible-collection-hardening/pull/404) ([schurzi](https://github.com/schurzi))
- do not install mysql python package on target host [\#401](https://github.com/dev-sec/ansible-collection-hardening/pull/401) ([rndmh3ro](https://github.com/rndmh3ro))
- make wrong password fail task [\#400](https://github.com/dev-sec/ansible-collection-hardening/pull/400) ([rndmh3ro](https://github.com/rndmh3ro))
- Improve Release Action [\#421](https://github.com/dev-sec/ansible-collection-hardening/pull/421) [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([schurzi](https://github.com/schurzi))
- remove FQCN from roles in examples [\#420](https://github.com/dev-sec/ansible-collection-hardening/pull/420) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([schurzi](https://github.com/schurzi))
- Ensure permissions on /etc/crontab are configured [\#405](https://github.com/dev-sec/ansible-collection-hardening/pull/405) [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([joubbi](https://github.com/joubbi))
- remove FQCN from roles in examples [\#404](https://github.com/dev-sec/ansible-collection-hardening/pull/404) [[documentation](https://github.com/dev-sec/ansible-collection-hardening/labels/documentation)] [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([schurzi](https://github.com/schurzi))
- do not install mysql python package on target host [\#401](https://github.com/dev-sec/ansible-collection-hardening/pull/401) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] ([rndmh3ro](https://github.com/rndmh3ro))
- make wrong password fail task [\#400](https://github.com/dev-sec/ansible-collection-hardening/pull/400) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] ([rndmh3ro](https://github.com/rndmh3ro))
## [7.2.0](https://github.com/dev-sec/ansible-collection-hardening/tree/7.2.0) (2021-02-10)
@ -120,13 +131,13 @@
**Implemented enhancements:**
- Add variable to specify SSH host RSA key size [\#394](https://github.com/dev-sec/ansible-collection-hardening/pull/394) ([Normo](https://github.com/Normo))
- Set default for ssh host key files only when hardening the server [\#393](https://github.com/dev-sec/ansible-collection-hardening/pull/393) ([Normo](https://github.com/Normo))
- Add variable to specify SSH host RSA key size [\#394](https://github.com/dev-sec/ansible-collection-hardening/pull/394) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([Normo](https://github.com/Normo))
- Set default for ssh host key files only when hardening the server [\#393](https://github.com/dev-sec/ansible-collection-hardening/pull/393) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([Normo](https://github.com/Normo))
**Fixed bugs:**
- A reason why instance would go in rescue mode ? [\#267](https://github.com/dev-sec/ansible-collection-hardening/issues/267)
- fix galaxy action to update local galaxy.yml [\#395](https://github.com/dev-sec/ansible-collection-hardening/pull/395) ([Normo](https://github.com/Normo))
- A reason why instance would go in rescue mode ? [\#267](https://github.com/dev-sec/ansible-collection-hardening/issues/267) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- fix galaxy action to update local galaxy.yml [\#395](https://github.com/dev-sec/ansible-collection-hardening/pull/395) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([Normo](https://github.com/Normo))
**Closed issues:**
@ -137,7 +148,7 @@
**Merged pull requests:**
- update ansible-lint to version 5 [\#397](https://github.com/dev-sec/ansible-collection-hardening/pull/397) ([schurzi](https://github.com/schurzi))
- update ansible-lint to version 5 [\#397](https://github.com/dev-sec/ansible-collection-hardening/pull/397) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([schurzi](https://github.com/schurzi))
- fix minimum required ansible version in docs [\#390](https://github.com/dev-sec/ansible-collection-hardening/pull/390) ([schurzi](https://github.com/schurzi))
## [7.1.1](https://github.com/dev-sec/ansible-collection-hardening/tree/7.1.1) (2021-02-05)
@ -146,7 +157,7 @@
**Fixed bugs:**
- use fqcn for community.crypto.openssh\_keypair module [\#389](https://github.com/dev-sec/ansible-collection-hardening/pull/389) ([schurzi](https://github.com/schurzi))
- use fqcn for community.crypto.openssh\_keypair module [\#389](https://github.com/dev-sec/ansible-collection-hardening/pull/389) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([schurzi](https://github.com/schurzi))
**Closed issues:**
@ -158,35 +169,35 @@
**Implemented enhancements:**
- Default value for ssh\_max\_startups should be changed [\#366](https://github.com/dev-sec/ansible-collection-hardening/issues/366)
- Comment in configuration files should state which collection was there [\#345](https://github.com/dev-sec/ansible-collection-hardening/issues/345)
- Error on applying the sysctl vars on Debian Jessy [\#230](https://github.com/dev-sec/ansible-collection-hardening/issues/230)
- add Support for OpenSSH HostCertificate config option [\#380](https://github.com/dev-sec/ansible-collection-hardening/pull/380) ([mpraeger](https://github.com/mpraeger))
- Syncookie [\#372](https://github.com/dev-sec/ansible-collection-hardening/pull/372) ([joubbi](https://github.com/joubbi))
- Sorted sysctl values and lists in READMEs alphabetically \(No functional changes\). [\#371](https://github.com/dev-sec/ansible-collection-hardening/pull/371) ([joubbi](https://github.com/joubbi))
- make auditd 'max\_log\_file' configurable [\#370](https://github.com/dev-sec/ansible-collection-hardening/pull/370) ([tgueldner-mms](https://github.com/tgueldner-mms))
- reduce maximum unauthenticated ssh sessions [\#368](https://github.com/dev-sec/ansible-collection-hardening/pull/368) ([schurzi](https://github.com/schurzi))
- add a runtime.yml to declare minimum ansible version [\#363](https://github.com/dev-sec/ansible-collection-hardening/pull/363) ([rndmh3ro](https://github.com/rndmh3ro))
- change inclusion of os specific defaults [\#353](https://github.com/dev-sec/ansible-collection-hardening/pull/353) ([schurzi](https://github.com/schurzi))
- make the os\_env\_umask variable usable [\#351](https://github.com/dev-sec/ansible-collection-hardening/pull/351) ([sprat](https://github.com/sprat))
- Fix \#348: make ssh configuration files paths configurable [\#350](https://github.com/dev-sec/ansible-collection-hardening/pull/350) ([sprat](https://github.com/sprat))
- Removed Protocol statement in later versions of sshd, since the code … [\#342](https://github.com/dev-sec/ansible-collection-hardening/pull/342) ([joubbi](https://github.com/joubbi))
- Improvements of comments in opensshd.conf.j2 \#338 [\#339](https://github.com/dev-sec/ansible-collection-hardening/pull/339) ([joubbi](https://github.com/joubbi))
- Default value for ssh\_max\_startups should be changed [\#366](https://github.com/dev-sec/ansible-collection-hardening/issues/366) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)]
- Comment in configuration files should state which collection was there [\#345](https://github.com/dev-sec/ansible-collection-hardening/issues/345) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)]
- Error on applying the sysctl vars on Debian Jessy [\#230](https://github.com/dev-sec/ansible-collection-hardening/issues/230) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[hacktoberfest](https://github.com/dev-sec/ansible-collection-hardening/labels/hacktoberfest)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- add Support for OpenSSH HostCertificate config option [\#380](https://github.com/dev-sec/ansible-collection-hardening/pull/380) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([mpraeger](https://github.com/mpraeger))
- Syncookie [\#372](https://github.com/dev-sec/ansible-collection-hardening/pull/372) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([joubbi](https://github.com/joubbi))
- Sorted sysctl values and lists in READMEs alphabetically \(No functional changes\). [\#371](https://github.com/dev-sec/ansible-collection-hardening/pull/371) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([joubbi](https://github.com/joubbi))
- make auditd 'max\_log\_file' configurable [\#370](https://github.com/dev-sec/ansible-collection-hardening/pull/370) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([tgueldner-mms](https://github.com/tgueldner-mms))
- reduce maximum unauthenticated ssh sessions [\#368](https://github.com/dev-sec/ansible-collection-hardening/pull/368) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([schurzi](https://github.com/schurzi))
- add a runtime.yml to declare minimum ansible version [\#363](https://github.com/dev-sec/ansible-collection-hardening/pull/363) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- change inclusion of os specific defaults [\#353](https://github.com/dev-sec/ansible-collection-hardening/pull/353) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([schurzi](https://github.com/schurzi))
- make the os\_env\_umask variable usable [\#351](https://github.com/dev-sec/ansible-collection-hardening/pull/351) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([sprat](https://github.com/sprat))
- Fix \#348: make ssh configuration files paths configurable [\#350](https://github.com/dev-sec/ansible-collection-hardening/pull/350) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([sprat](https://github.com/sprat))
- Removed Protocol statement in later versions of sshd, since the code … [\#342](https://github.com/dev-sec/ansible-collection-hardening/pull/342) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([joubbi](https://github.com/joubbi))
- Improvements of comments in opensshd.conf.j2 \#338 [\#339](https://github.com/dev-sec/ansible-collection-hardening/pull/339) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([joubbi](https://github.com/joubbi))
**Fixed bugs:**
- Comments in opensshd.conf.j2 should be improved [\#338](https://github.com/dev-sec/ansible-collection-hardening/issues/338)
- check for correct cpu vendor in initramfs-tools [\#374](https://github.com/dev-sec/ansible-collection-hardening/pull/374) ([schurzi](https://github.com/schurzi))
- set hidepid=0 on RHEL/CentOS 7 [\#369](https://github.com/dev-sec/ansible-collection-hardening/pull/369) ([schurzi](https://github.com/schurzi))
- Comments in opensshd.conf.j2 should be improved [\#338](https://github.com/dev-sec/ansible-collection-hardening/issues/338) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- check for correct cpu vendor in initramfs-tools [\#374](https://github.com/dev-sec/ansible-collection-hardening/pull/374) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([schurzi](https://github.com/schurzi))
- set hidepid=0 on RHEL/CentOS 7 [\#369](https://github.com/dev-sec/ansible-collection-hardening/pull/369) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([schurzi](https://github.com/schurzi))
**Closed issues:**
- initramfs-tools modules.j2 does not seem to be able to detect AMD CPUs [\#373](https://github.com/dev-sec/ansible-collection-hardening/issues/373)
- How do i install this on Centos 8? [\#367](https://github.com/dev-sec/ansible-collection-hardening/issues/367)
- hidepid=2 gives error when running systemctl on EL7 [\#364](https://github.com/dev-sec/ansible-collection-hardening/issues/364)
- hidepid=2 gives error when running systemctl on EL7 [\#364](https://github.com/dev-sec/ansible-collection-hardening/issues/364) [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)]
- Allow putting the ssh/sshd config in alternative files [\#348](https://github.com/dev-sec/ansible-collection-hardening/issues/348)
- os\_env\_umask has no effect [\#344](https://github.com/dev-sec/ansible-collection-hardening/issues/344)
- Don't modify /etc/sysctl.conf [\#343](https://github.com/dev-sec/ansible-collection-hardening/issues/343)
- Don't modify /etc/sysctl.conf [\#343](https://github.com/dev-sec/ansible-collection-hardening/issues/343) [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)]
**Merged pull requests:**
@ -194,11 +205,11 @@
- make release workflow manually runnable [\#384](https://github.com/dev-sec/ansible-collection-hardening/pull/384) ([schurzi](https://github.com/schurzi))
- run labeler workflow with higher privileges [\#383](https://github.com/dev-sec/ansible-collection-hardening/pull/383) ([schurzi](https://github.com/schurzi))
- remove issue labels from changelog [\#382](https://github.com/dev-sec/ansible-collection-hardening/pull/382) ([schurzi](https://github.com/schurzi))
- Added comment on top of templates about which role manages the file [\#378](https://github.com/dev-sec/ansible-collection-hardening/pull/378) ([joubbi](https://github.com/joubbi))
- Regenerate RSA key with size 4096 bits [\#376](https://github.com/dev-sec/ansible-collection-hardening/pull/376) ([ssttehrani](https://github.com/ssttehrani))
- Added comment on top of templates about which role manages the file [\#378](https://github.com/dev-sec/ansible-collection-hardening/pull/378) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([joubbi](https://github.com/joubbi))
- Regenerate RSA key with size 4096 bits [\#376](https://github.com/dev-sec/ansible-collection-hardening/pull/376) [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[ready to review](https://github.com/dev-sec/ansible-collection-hardening/labels/ready%20to%20review)] ([ssttehrani](https://github.com/ssttehrani))
- fix second changelog generation task, too [\#349](https://github.com/dev-sec/ansible-collection-hardening/pull/349) ([rndmh3ro](https://github.com/rndmh3ro))
- fix changelog generation [\#341](https://github.com/dev-sec/ansible-collection-hardening/pull/341) ([rndmh3ro](https://github.com/rndmh3ro))
- Improve README for ssh\_hardening [\#335](https://github.com/dev-sec/ansible-collection-hardening/pull/335) ([szEvEz](https://github.com/szEvEz))
- Improve README for ssh\_hardening [\#335](https://github.com/dev-sec/ansible-collection-hardening/pull/335) [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] ([szEvEz](https://github.com/szEvEz))
## [7.0.0](https://github.com/dev-sec/ansible-collection-hardening/tree/7.0.0) (2020-11-11)
@ -206,170 +217,170 @@
**Breaking changes:**
- Move all roles to one single collection [\#332](https://github.com/dev-sec/ansible-collection-hardening/pull/332) ([rndmh3ro](https://github.com/rndmh3ro))
- Move all roles to one single collection [\#332](https://github.com/dev-sec/ansible-collection-hardening/pull/332) [[breaking](https://github.com/dev-sec/ansible-collection-hardening/labels/breaking)] ([rndmh3ro](https://github.com/rndmh3ro))
**Implemented enhancements:**
- Breaking change in ansible-lint - set file permissions explicitly [\#299](https://github.com/dev-sec/ansible-collection-hardening/issues/299)
- Configure audit=1 for more accurate auid auditing [\#253](https://github.com/dev-sec/ansible-collection-hardening/issues/253)
- Add Debian Buster support for ansible-os-hardening [\#233](https://github.com/dev-sec/ansible-collection-hardening/issues/233)
- Add CentOS 8 support for ansible-os-hardening [\#232](https://github.com/dev-sec/ansible-collection-hardening/issues/232)
- Speed up "minimize access on found files" task [\#208](https://github.com/dev-sec/ansible-collection-hardening/issues/208)
- Fedora support? [\#163](https://github.com/dev-sec/ansible-collection-hardening/issues/163)
- Update some RH settings in this role [\#155](https://github.com/dev-sec/ansible-collection-hardening/issues/155)
- Add selinux configuration [\#154](https://github.com/dev-sec/ansible-collection-hardening/issues/154)
- Warning about "include" for tasks for ansible-playbook 2.4.0 \(devel f0a5854e39\) [\#131](https://github.com/dev-sec/ansible-collection-hardening/issues/131)
- Removal of core dump hardening configuration if core dumps are allowed [\#129](https://github.com/dev-sec/ansible-collection-hardening/issues/129)
- Description of the Ansible roles of dev-sec says "This Ansible playbook" [\#97](https://github.com/dev-sec/ansible-collection-hardening/issues/97)
- Improve Documentation [\#315](https://github.com/dev-sec/ansible-collection-hardening/pull/315) ([schurzi](https://github.com/schurzi))
- Arch support [\#303](https://github.com/dev-sec/ansible-collection-hardening/pull/303) ([rndmh3ro](https://github.com/rndmh3ro))
- fix linting for molecule [\#301](https://github.com/dev-sec/ansible-collection-hardening/pull/301) ([schurzi](https://github.com/schurzi))
- file permissions explicitly defined [\#300](https://github.com/dev-sec/ansible-collection-hardening/pull/300) ([danielkubat](https://github.com/danielkubat))
- Optimize and unify when clause [\#295](https://github.com/dev-sec/ansible-collection-hardening/pull/295) ([Alexhha](https://github.com/Alexhha))
- use find module instead of shell [\#294](https://github.com/dev-sec/ansible-collection-hardening/pull/294) ([danielkubat](https://github.com/danielkubat))
- improve testing [\#287](https://github.com/dev-sec/ansible-collection-hardening/pull/287) ([schurzi](https://github.com/schurzi))
- Mount proc filesystem using hidepid option [\#283](https://github.com/dev-sec/ansible-collection-hardening/pull/283) ([alegrey91](https://github.com/alegrey91))
- unify changelog and release actions [\#279](https://github.com/dev-sec/ansible-collection-hardening/pull/279) ([rndmh3ro](https://github.com/rndmh3ro))
- purge insecure packages [\#275](https://github.com/dev-sec/ansible-collection-hardening/pull/275) ([chris-rock](https://github.com/chris-rock))
- add changelog and release workflow [\#271](https://github.com/dev-sec/ansible-collection-hardening/pull/271) ([rndmh3ro](https://github.com/rndmh3ro))
- github action for changelog generation [\#270](https://github.com/dev-sec/ansible-collection-hardening/pull/270) ([rndmh3ro](https://github.com/rndmh3ro))
- Make useradd defaults in login.defs dependent on OS [\#266](https://github.com/dev-sec/ansible-collection-hardening/pull/266) ([aisbergg](https://github.com/aisbergg))
- Add kernel hardening parameters from Tails and CIS Benchmark [\#263](https://github.com/dev-sec/ansible-collection-hardening/pull/263) ([kravietz](https://github.com/kravietz))
- add ansible-lint [\#262](https://github.com/dev-sec/ansible-collection-hardening/pull/262) ([rndmh3ro](https://github.com/rndmh3ro))
- Remove trailing space [\#261](https://github.com/dev-sec/ansible-collection-hardening/pull/261) ([kravietz](https://github.com/kravietz))
- Add kernel parameter information to README [\#259](https://github.com/dev-sec/ansible-collection-hardening/pull/259) ([jaredledvina](https://github.com/jaredledvina))
- Remove trailing whitespaces \(ansible-lint 201\) [\#254](https://github.com/dev-sec/ansible-collection-hardening/pull/254) ([kravietz](https://github.com/kravietz))
- Standardize the var ordering [\#251](https://github.com/dev-sec/ansible-collection-hardening/pull/251) ([dustinmiller](https://github.com/dustinmiller))
- Add intial support for OpenSUSE [\#250](https://github.com/dev-sec/ansible-collection-hardening/pull/250) ([dustinmiller](https://github.com/dustinmiller))
- Make max\_log\_file\_action for auditd configurable [\#246](https://github.com/dev-sec/ansible-collection-hardening/pull/246) ([jandd](https://github.com/jandd))
- Add exception in sysctl task [\#240](https://github.com/dev-sec/ansible-collection-hardening/pull/240) ([ghost](https://github.com/ghost))
- Fedora - Use new auto ansible\_python\_interpreter for dnf [\#239](https://github.com/dev-sec/ansible-collection-hardening/pull/239) ([jaredledvina](https://github.com/jaredledvina))
- add test support for CentOS8 [\#237](https://github.com/dev-sec/ansible-collection-hardening/pull/237) ([yeoldegrove](https://github.com/yeoldegrove))
- Support configuring SELinux and default to enforcing [\#236](https://github.com/dev-sec/ansible-collection-hardening/pull/236) ([jaredledvina](https://github.com/jaredledvina))
- Add test support for debian buster [\#234](https://github.com/dev-sec/ansible-collection-hardening/pull/234) ([123Haynes](https://github.com/123Haynes))
- Changed local var name to a less common one [\#231](https://github.com/dev-sec/ansible-collection-hardening/pull/231) ([rgarrigue](https://github.com/rgarrigue))
- Use ansible facts for vars [\#226](https://github.com/dev-sec/ansible-collection-hardening/pull/226) ([joshuatalb](https://github.com/joshuatalb))
- Fix deprecation warnings in Ansible 2.8 [\#224](https://github.com/dev-sec/ansible-collection-hardening/pull/224) ([Normo](https://github.com/Normo))
- add docs to find-task in minimize access. fix \#219 [\#220](https://github.com/dev-sec/ansible-collection-hardening/pull/220) ([rndmh3ro](https://github.com/rndmh3ro))
- remove eol'd OS and add new [\#217](https://github.com/dev-sec/ansible-collection-hardening/pull/217) ([rndmh3ro](https://github.com/rndmh3ro))
- Add note about docker under warning [\#214](https://github.com/dev-sec/ansible-collection-hardening/pull/214) ([ChrisMcKee](https://github.com/ChrisMcKee))
- change minimize access tasks to speed them up [\#209](https://github.com/dev-sec/ansible-collection-hardening/pull/209) ([rndmh3ro](https://github.com/rndmh3ro))
- Added fedora support [\#206](https://github.com/dev-sec/ansible-collection-hardening/pull/206) ([jonaswre](https://github.com/jonaswre))
- Pass package list directly to apt and yum modules without using with\_items loop [\#200](https://github.com/dev-sec/ansible-collection-hardening/pull/200) ([Normo](https://github.com/Normo))
- add ubuntu 1804 support [\#196](https://github.com/dev-sec/ansible-collection-hardening/pull/196) ([rndmh3ro](https://github.com/rndmh3ro))
- add option to disable auditd [\#192](https://github.com/dev-sec/ansible-collection-hardening/pull/192) ([rndmh3ro](https://github.com/rndmh3ro))
- fix problems with efi and vfat [\#190](https://github.com/dev-sec/ansible-collection-hardening/pull/190) ([rndmh3ro](https://github.com/rndmh3ro))
- added os\_hardening\_enabled flag [\#186](https://github.com/dev-sec/ansible-collection-hardening/pull/186) ([jcheroske](https://github.com/jcheroske))
- add amazon run opts to travis [\#183](https://github.com/dev-sec/ansible-collection-hardening/pull/183) ([rndmh3ro](https://github.com/rndmh3ro))
- use package instead of yum and apt [\#180](https://github.com/dev-sec/ansible-collection-hardening/pull/180) ([rndmh3ro](https://github.com/rndmh3ro))
- add oracle7 to travis [\#178](https://github.com/dev-sec/ansible-collection-hardening/pull/178) ([rndmh3ro](https://github.com/rndmh3ro))
- fix wrong permissions passwdqc \#170 [\#176](https://github.com/dev-sec/ansible-collection-hardening/pull/176) ([rndmh3ro](https://github.com/rndmh3ro))
- ipv4 forwarding comment is inconsistent with example [\#174](https://github.com/dev-sec/ansible-collection-hardening/pull/174) ([carchrae](https://github.com/carchrae))
- Rename pam\_passwdqd.j2 to pam\_passwdqc.j2 [\#172](https://github.com/dev-sec/ansible-collection-hardening/pull/172) ([martinbydefault](https://github.com/martinbydefault))
- Use package state 'present' since 'installed' is deprecated [\#168](https://github.com/dev-sec/ansible-collection-hardening/pull/168) ([Normo](https://github.com/Normo))
- Update syntax to Ansible 2.4 [\#161](https://github.com/dev-sec/ansible-collection-hardening/pull/161) ([thomasjpfan](https://github.com/thomasjpfan))
- add amazon linux testing [\#160](https://github.com/dev-sec/ansible-collection-hardening/pull/160) ([rndmh3ro](https://github.com/rndmh3ro))
- Add support for Amazon Linux [\#158](https://github.com/dev-sec/ansible-collection-hardening/pull/158) ([woneill](https://github.com/woneill))
- Don't create home for system accounts [\#156](https://github.com/dev-sec/ansible-collection-hardening/pull/156) ([oakey-b1](https://github.com/oakey-b1))
- Prevent disabling of filesystems via whitelist [\#153](https://github.com/dev-sec/ansible-collection-hardening/pull/153) ([manuelprinz](https://github.com/manuelprinz))
- Add kernel hardening settings from Ubuntu /etc/sysctl.d [\#150](https://github.com/dev-sec/ansible-collection-hardening/pull/150) ([kravietz](https://github.com/kravietz))
- Removal of core dump hardening configuration if core dumps are allowed [\#146](https://github.com/dev-sec/ansible-collection-hardening/pull/146) ([martinbydefault](https://github.com/martinbydefault))
- install and configure auditd - fix inspec package-08 [\#144](https://github.com/dev-sec/ansible-collection-hardening/pull/144) ([rndmh3ro](https://github.com/rndmh3ro))
- add missing sysctl parameter [\#143](https://github.com/dev-sec/ansible-collection-hardening/pull/143) ([rndmh3ro](https://github.com/rndmh3ro))
- update readme [\#139](https://github.com/dev-sec/ansible-collection-hardening/pull/139) ([rndmh3ro](https://github.com/rndmh3ro))
- add modprobe template, control os-10 [\#138](https://github.com/dev-sec/ansible-collection-hardening/pull/138) ([rndmh3ro](https://github.com/rndmh3ro))
- new task for delete netrc files, control os-09 [\#137](https://github.com/dev-sec/ansible-collection-hardening/pull/137) ([rndmh3ro](https://github.com/rndmh3ro))
- add passwd task, control os-03 [\#136](https://github.com/dev-sec/ansible-collection-hardening/pull/136) ([rndmh3ro](https://github.com/rndmh3ro))
- remove prelink package, control package-09 [\#135](https://github.com/dev-sec/ansible-collection-hardening/pull/135) ([rndmh3ro](https://github.com/rndmh3ro))
- style update [\#134](https://github.com/dev-sec/ansible-collection-hardening/pull/134) ([rndmh3ro](https://github.com/rndmh3ro))
- Remove deprecated include for static tasks and use instead import\_tasks fix \#131 [\#132](https://github.com/dev-sec/ansible-collection-hardening/pull/132) ([HelioCampos](https://github.com/HelioCampos))
- Fix ansible.cfg and use comment filter [\#130](https://github.com/dev-sec/ansible-collection-hardening/pull/130) ([fazlearefin](https://github.com/fazlearefin))
- install initramfs-tools [\#114](https://github.com/dev-sec/ansible-collection-hardening/pull/114) ([rndmh3ro](https://github.com/rndmh3ro))
- omit empty variables [\#106](https://github.com/dev-sec/ansible-collection-hardening/pull/106) ([rndmh3ro](https://github.com/rndmh3ro))
- Supports --check mode [\#93](https://github.com/dev-sec/ansible-collection-hardening/pull/93) ([conorsch](https://github.com/conorsch))
- Adds support for CentOS 7 [\#91](https://github.com/dev-sec/ansible-collection-hardening/pull/91) ([conorsch](https://github.com/conorsch))
- Docker [\#90](https://github.com/dev-sec/ansible-collection-hardening/pull/90) ([rndmh3ro](https://github.com/rndmh3ro))
- debian 8 support [\#88](https://github.com/dev-sec/ansible-collection-hardening/pull/88) ([rndmh3ro](https://github.com/rndmh3ro))
- Ufw manage defaults [\#85](https://github.com/dev-sec/ansible-collection-hardening/pull/85) ([fitz123](https://github.com/fitz123))
- replace ignore\_errors to failed\_when to supress ugly error warnings [\#81](https://github.com/dev-sec/ansible-collection-hardening/pull/81) ([fitz123](https://github.com/fitz123))
- fix bare variables usage for loops [\#79](https://github.com/dev-sec/ansible-collection-hardening/pull/79) ([fitz123](https://github.com/fitz123))
- update platforms in meta-file [\#69](https://github.com/dev-sec/ansible-collection-hardening/pull/69) ([rndmh3ro](https://github.com/rndmh3ro))
- add webhook for ansible galaxy [\#68](https://github.com/dev-sec/ansible-collection-hardening/pull/68) ([rndmh3ro](https://github.com/rndmh3ro))
- Move sysctl vars to defaults [\#67](https://github.com/dev-sec/ansible-collection-hardening/pull/67) ([rndmh3ro](https://github.com/rndmh3ro))
- make sys\_uid and sys\_gid configurable [\#62](https://github.com/dev-sec/ansible-collection-hardening/pull/62) ([rndmh3ro](https://github.com/rndmh3ro))
- Ansible 2.0 support [\#59](https://github.com/dev-sec/ansible-collection-hardening/pull/59) ([rndmh3ro](https://github.com/rndmh3ro))
- use inspec as test framework [\#58](https://github.com/dev-sec/ansible-collection-hardening/pull/58) ([chris-rock](https://github.com/chris-rock))
- Packages as attributes [\#57](https://github.com/dev-sec/ansible-collection-hardening/pull/57) ([rndmh3ro](https://github.com/rndmh3ro))
- Change categories to tags for upcoming ansible 2.0 [\#56](https://github.com/dev-sec/ansible-collection-hardening/pull/56) ([rndmh3ro](https://github.com/rndmh3ro))
- Add SINGLE and PROMPT parameters. [\#55](https://github.com/dev-sec/ansible-collection-hardening/pull/55) ([rndmh3ro](https://github.com/rndmh3ro))
- add changelog generator [\#54](https://github.com/dev-sec/ansible-collection-hardening/pull/54) ([chris-rock](https://github.com/chris-rock))
- Breaking change in ansible-lint - set file permissions explicitly [\#299](https://github.com/dev-sec/ansible-collection-hardening/issues/299) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)]
- Configure audit=1 for more accurate auid auditing [\#253](https://github.com/dev-sec/ansible-collection-hardening/issues/253) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)]
- Add Debian Buster support for ansible-os-hardening [\#233](https://github.com/dev-sec/ansible-collection-hardening/issues/233) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[hacktoberfest](https://github.com/dev-sec/ansible-collection-hardening/labels/hacktoberfest)]
- Add CentOS 8 support for ansible-os-hardening [\#232](https://github.com/dev-sec/ansible-collection-hardening/issues/232) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[hacktoberfest](https://github.com/dev-sec/ansible-collection-hardening/labels/hacktoberfest)]
- Speed up "minimize access on found files" task [\#208](https://github.com/dev-sec/ansible-collection-hardening/issues/208) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)]
- Fedora support? [\#163](https://github.com/dev-sec/ansible-collection-hardening/issues/163) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- Update some RH settings in this role [\#155](https://github.com/dev-sec/ansible-collection-hardening/issues/155) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)]
- Add selinux configuration [\#154](https://github.com/dev-sec/ansible-collection-hardening/issues/154) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[hacktoberfest](https://github.com/dev-sec/ansible-collection-hardening/labels/hacktoberfest)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- Warning about "include" for tasks for ansible-playbook 2.4.0 \(devel f0a5854e39\) [\#131](https://github.com/dev-sec/ansible-collection-hardening/issues/131) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)]
- Removal of core dump hardening configuration if core dumps are allowed [\#129](https://github.com/dev-sec/ansible-collection-hardening/issues/129) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- Description of the Ansible roles of dev-sec says "This Ansible playbook" [\#97](https://github.com/dev-sec/ansible-collection-hardening/issues/97) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)]
- Improve Documentation [\#315](https://github.com/dev-sec/ansible-collection-hardening/pull/315) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([schurzi](https://github.com/schurzi))
- Arch support [\#303](https://github.com/dev-sec/ansible-collection-hardening/pull/303) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([rndmh3ro](https://github.com/rndmh3ro))
- fix linting for molecule [\#301](https://github.com/dev-sec/ansible-collection-hardening/pull/301) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([schurzi](https://github.com/schurzi))
- file permissions explicitly defined [\#300](https://github.com/dev-sec/ansible-collection-hardening/pull/300) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] ([danielkubat](https://github.com/danielkubat))
- Optimize and unify when clause [\#295](https://github.com/dev-sec/ansible-collection-hardening/pull/295) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([Alexhha](https://github.com/Alexhha))
- use find module instead of shell [\#294](https://github.com/dev-sec/ansible-collection-hardening/pull/294) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([danielkubat](https://github.com/danielkubat))
- improve testing [\#287](https://github.com/dev-sec/ansible-collection-hardening/pull/287) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] ([schurzi](https://github.com/schurzi))
- Mount proc filesystem using hidepid option [\#283](https://github.com/dev-sec/ansible-collection-hardening/pull/283) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] ([alegrey91](https://github.com/alegrey91))
- unify changelog and release actions [\#279](https://github.com/dev-sec/ansible-collection-hardening/pull/279) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([rndmh3ro](https://github.com/rndmh3ro))
- purge insecure packages [\#275](https://github.com/dev-sec/ansible-collection-hardening/pull/275) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[minor](https://github.com/dev-sec/ansible-collection-hardening/labels/minor)] ([chris-rock](https://github.com/chris-rock))
- add changelog and release workflow [\#271](https://github.com/dev-sec/ansible-collection-hardening/pull/271) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([rndmh3ro](https://github.com/rndmh3ro))
- github action for changelog generation [\#270](https://github.com/dev-sec/ansible-collection-hardening/pull/270) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([rndmh3ro](https://github.com/rndmh3ro))
- Make useradd defaults in login.defs dependent on OS [\#266](https://github.com/dev-sec/ansible-collection-hardening/pull/266) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([aisbergg](https://github.com/aisbergg))
- Add kernel hardening parameters from Tails and CIS Benchmark [\#263](https://github.com/dev-sec/ansible-collection-hardening/pull/263) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([kravietz](https://github.com/kravietz))
- add ansible-lint [\#262](https://github.com/dev-sec/ansible-collection-hardening/pull/262) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- Remove trailing space [\#261](https://github.com/dev-sec/ansible-collection-hardening/pull/261) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([kravietz](https://github.com/kravietz))
- Add kernel parameter information to README [\#259](https://github.com/dev-sec/ansible-collection-hardening/pull/259) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([jaredledvina](https://github.com/jaredledvina))
- Remove trailing whitespaces \(ansible-lint 201\) [\#254](https://github.com/dev-sec/ansible-collection-hardening/pull/254) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([kravietz](https://github.com/kravietz))
- Standardize the var ordering [\#251](https://github.com/dev-sec/ansible-collection-hardening/pull/251) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([dustinmiller](https://github.com/dustinmiller))
- Add intial support for OpenSUSE [\#250](https://github.com/dev-sec/ansible-collection-hardening/pull/250) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([dustinmiller](https://github.com/dustinmiller))
- Make max\_log\_file\_action for auditd configurable [\#246](https://github.com/dev-sec/ansible-collection-hardening/pull/246) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([jandd](https://github.com/jandd))
- Add exception in sysctl task [\#240](https://github.com/dev-sec/ansible-collection-hardening/pull/240) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([ghost](https://github.com/ghost))
- Fedora - Use new auto ansible\_python\_interpreter for dnf [\#239](https://github.com/dev-sec/ansible-collection-hardening/pull/239) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([jaredledvina](https://github.com/jaredledvina))
- add test support for CentOS8 [\#237](https://github.com/dev-sec/ansible-collection-hardening/pull/237) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([yeoldegrove](https://github.com/yeoldegrove))
- Support configuring SELinux and default to enforcing [\#236](https://github.com/dev-sec/ansible-collection-hardening/pull/236) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([jaredledvina](https://github.com/jaredledvina))
- Add test support for debian buster [\#234](https://github.com/dev-sec/ansible-collection-hardening/pull/234) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([123Haynes](https://github.com/123Haynes))
- Changed local var name to a less common one [\#231](https://github.com/dev-sec/ansible-collection-hardening/pull/231) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rgarrigue](https://github.com/rgarrigue))
- Use ansible facts for vars [\#226](https://github.com/dev-sec/ansible-collection-hardening/pull/226) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([joshuatalb](https://github.com/joshuatalb))
- Fix deprecation warnings in Ansible 2.8 [\#224](https://github.com/dev-sec/ansible-collection-hardening/pull/224) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([Normo](https://github.com/Normo))
- add docs to find-task in minimize access. fix \#219 [\#220](https://github.com/dev-sec/ansible-collection-hardening/pull/220) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- remove eol'd OS and add new [\#217](https://github.com/dev-sec/ansible-collection-hardening/pull/217) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- Add note about docker under warning [\#214](https://github.com/dev-sec/ansible-collection-hardening/pull/214) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([ChrisMcKee](https://github.com/ChrisMcKee))
- change minimize access tasks to speed them up [\#209](https://github.com/dev-sec/ansible-collection-hardening/pull/209) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- Added fedora support [\#206](https://github.com/dev-sec/ansible-collection-hardening/pull/206) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([jonaswre](https://github.com/jonaswre))
- Pass package list directly to apt and yum modules without using with\_items loop [\#200](https://github.com/dev-sec/ansible-collection-hardening/pull/200) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([Normo](https://github.com/Normo))
- add ubuntu 1804 support [\#196](https://github.com/dev-sec/ansible-collection-hardening/pull/196) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- add option to disable auditd [\#192](https://github.com/dev-sec/ansible-collection-hardening/pull/192) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- fix problems with efi and vfat [\#190](https://github.com/dev-sec/ansible-collection-hardening/pull/190) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- added os\_hardening\_enabled flag [\#186](https://github.com/dev-sec/ansible-collection-hardening/pull/186) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([jcheroske](https://github.com/jcheroske))
- add amazon run opts to travis [\#183](https://github.com/dev-sec/ansible-collection-hardening/pull/183) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- use package instead of yum and apt [\#180](https://github.com/dev-sec/ansible-collection-hardening/pull/180) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- add oracle7 to travis [\#178](https://github.com/dev-sec/ansible-collection-hardening/pull/178) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- fix wrong permissions passwdqc \#170 [\#176](https://github.com/dev-sec/ansible-collection-hardening/pull/176) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- ipv4 forwarding comment is inconsistent with example [\#174](https://github.com/dev-sec/ansible-collection-hardening/pull/174) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([carchrae](https://github.com/carchrae))
- Rename pam\_passwdqd.j2 to pam\_passwdqc.j2 [\#172](https://github.com/dev-sec/ansible-collection-hardening/pull/172) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([martinbydefault](https://github.com/martinbydefault))
- Use package state 'present' since 'installed' is deprecated [\#168](https://github.com/dev-sec/ansible-collection-hardening/pull/168) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([Normo](https://github.com/Normo))
- Update syntax to Ansible 2.4 [\#161](https://github.com/dev-sec/ansible-collection-hardening/pull/161) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([thomasjpfan](https://github.com/thomasjpfan))
- add amazon linux testing [\#160](https://github.com/dev-sec/ansible-collection-hardening/pull/160) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- Add support for Amazon Linux [\#158](https://github.com/dev-sec/ansible-collection-hardening/pull/158) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([woneill](https://github.com/woneill))
- Don't create home for system accounts [\#156](https://github.com/dev-sec/ansible-collection-hardening/pull/156) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([oakey-b1](https://github.com/oakey-b1))
- Prevent disabling of filesystems via whitelist [\#153](https://github.com/dev-sec/ansible-collection-hardening/pull/153) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([manuelprinz](https://github.com/manuelprinz))
- Add kernel hardening settings from Ubuntu /etc/sysctl.d [\#150](https://github.com/dev-sec/ansible-collection-hardening/pull/150) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([kravietz](https://github.com/kravietz))
- Removal of core dump hardening configuration if core dumps are allowed [\#146](https://github.com/dev-sec/ansible-collection-hardening/pull/146) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([martinbydefault](https://github.com/martinbydefault))
- install and configure auditd - fix inspec package-08 [\#144](https://github.com/dev-sec/ansible-collection-hardening/pull/144) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- add missing sysctl parameter [\#143](https://github.com/dev-sec/ansible-collection-hardening/pull/143) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] [[in progress](https://github.com/dev-sec/ansible-collection-hardening/labels/in%20progress)] ([rndmh3ro](https://github.com/rndmh3ro))
- update readme [\#139](https://github.com/dev-sec/ansible-collection-hardening/pull/139) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- add modprobe template, control os-10 [\#138](https://github.com/dev-sec/ansible-collection-hardening/pull/138) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- new task for delete netrc files, control os-09 [\#137](https://github.com/dev-sec/ansible-collection-hardening/pull/137) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- add passwd task, control os-03 [\#136](https://github.com/dev-sec/ansible-collection-hardening/pull/136) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- remove prelink package, control package-09 [\#135](https://github.com/dev-sec/ansible-collection-hardening/pull/135) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- style update [\#134](https://github.com/dev-sec/ansible-collection-hardening/pull/134) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- Remove deprecated include for static tasks and use instead import\_tasks fix \#131 [\#132](https://github.com/dev-sec/ansible-collection-hardening/pull/132) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([HelioCampos](https://github.com/HelioCampos))
- Fix ansible.cfg and use comment filter [\#130](https://github.com/dev-sec/ansible-collection-hardening/pull/130) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([fazlearefin](https://github.com/fazlearefin))
- install initramfs-tools [\#114](https://github.com/dev-sec/ansible-collection-hardening/pull/114) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- omit empty variables [\#106](https://github.com/dev-sec/ansible-collection-hardening/pull/106) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- Supports --check mode [\#93](https://github.com/dev-sec/ansible-collection-hardening/pull/93) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([conorsch](https://github.com/conorsch))
- Adds support for CentOS 7 [\#91](https://github.com/dev-sec/ansible-collection-hardening/pull/91) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([conorsch](https://github.com/conorsch))
- Docker [\#90](https://github.com/dev-sec/ansible-collection-hardening/pull/90) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- debian 8 support [\#88](https://github.com/dev-sec/ansible-collection-hardening/pull/88) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- Ufw manage defaults [\#85](https://github.com/dev-sec/ansible-collection-hardening/pull/85) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([fitz123](https://github.com/fitz123))
- replace ignore\_errors to failed\_when to supress ugly error warnings [\#81](https://github.com/dev-sec/ansible-collection-hardening/pull/81) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([fitz123](https://github.com/fitz123))
- fix bare variables usage for loops [\#79](https://github.com/dev-sec/ansible-collection-hardening/pull/79) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([fitz123](https://github.com/fitz123))
- update platforms in meta-file [\#69](https://github.com/dev-sec/ansible-collection-hardening/pull/69) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- add webhook for ansible galaxy [\#68](https://github.com/dev-sec/ansible-collection-hardening/pull/68) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- Move sysctl vars to defaults [\#67](https://github.com/dev-sec/ansible-collection-hardening/pull/67) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- make sys\_uid and sys\_gid configurable [\#62](https://github.com/dev-sec/ansible-collection-hardening/pull/62) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- Ansible 2.0 support [\#59](https://github.com/dev-sec/ansible-collection-hardening/pull/59) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- use inspec as test framework [\#58](https://github.com/dev-sec/ansible-collection-hardening/pull/58) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([chris-rock](https://github.com/chris-rock))
- Packages as attributes [\#57](https://github.com/dev-sec/ansible-collection-hardening/pull/57) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- Change categories to tags for upcoming ansible 2.0 [\#56](https://github.com/dev-sec/ansible-collection-hardening/pull/56) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- Add SINGLE and PROMPT parameters. [\#55](https://github.com/dev-sec/ansible-collection-hardening/pull/55) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([rndmh3ro](https://github.com/rndmh3ro))
- add changelog generator [\#54](https://github.com/dev-sec/ansible-collection-hardening/pull/54) [[enhancement](https://github.com/dev-sec/ansible-collection-hardening/labels/enhancement)] ([chris-rock](https://github.com/chris-rock))
**Fixed bugs:**
- Task "set 10.hardcore.conf perms to 0400 and root ownership" fails in check mode [\#313](https://github.com/dev-sec/ansible-collection-hardening/issues/313)
- Inconsistent use of role vars/role defaults [\#284](https://github.com/dev-sec/ansible-collection-hardening/issues/284)
- Is it safe to use on Debian 10? The build is failing. [\#281](https://github.com/dev-sec/ansible-collection-hardening/issues/281)
- /etc/login.defs alters centos 7/8 default values [\#265](https://github.com/dev-sec/ansible-collection-hardening/issues/265)
- Invalid Conditionals in user\_accounts.yml [\#255](https://github.com/dev-sec/ansible-collection-hardening/issues/255)
- `auth-system` related files are created for non-RHEL systems \(e.g. Debian\) [\#247](https://github.com/dev-sec/ansible-collection-hardening/issues/247)
- NSA website links are stale [\#227](https://github.com/dev-sec/ansible-collection-hardening/issues/227)
- Running ansible on python3 throughs "TypeError: '\<=' not supported between instances of 'str' and 'int'" [\#223](https://github.com/dev-sec/ansible-collection-hardening/issues/223)
- \[lots of\] deprecation warnings in Ansible 2.8 [\#221](https://github.com/dev-sec/ansible-collection-hardening/issues/221)
- `squash_actions` deprecation warning [\#218](https://github.com/dev-sec/ansible-collection-hardening/issues/218)
- login.defs.j2 template: ENV\_PATH is missing ':' before variable substitution [\#202](https://github.com/dev-sec/ansible-collection-hardening/issues/202)
- auditd causing v5.0 to fail on unpriviledged LXC's [\#191](https://github.com/dev-sec/ansible-collection-hardening/issues/191)
- Setting os\_security\_users\_allow has no effect [\#175](https://github.com/dev-sec/ansible-collection-hardening/issues/175)
- minimize\_access: maximum recursion depth exceeded on Ansible 2.5 [\#171](https://github.com/dev-sec/ansible-collection-hardening/issues/171)
- wrong permissions passwdqc [\#170](https://github.com/dev-sec/ansible-collection-hardening/issues/170)
- 'sysctl\_rhel\_config' is undefined [\#167](https://github.com/dev-sec/ansible-collection-hardening/issues/167)
- Update deprecated `include` statements [\#166](https://github.com/dev-sec/ansible-collection-hardening/issues/166)
- Strongly recommend against disabling vfat by default [\#162](https://github.com/dev-sec/ansible-collection-hardening/issues/162)
- bug in ufw.j2 template [\#151](https://github.com/dev-sec/ansible-collection-hardening/issues/151)
- Add a "don't fail on error" switch ? [\#148](https://github.com/dev-sec/ansible-collection-hardening/issues/148)
- System completely unresponsive after role execution [\#145](https://github.com/dev-sec/ansible-collection-hardening/issues/145)
- Why is rsync removed? [\#141](https://github.com/dev-sec/ansible-collection-hardening/issues/141)
- RHEL 7.4: Too many setuid bits removed [\#140](https://github.com/dev-sec/ansible-collection-hardening/issues/140)
- Change system accounts not on the user provided ignore-list items are not JSON serializable [\#125](https://github.com/dev-sec/ansible-collection-hardening/issues/125)
- playbook makes OS undetectable [\#124](https://github.com/dev-sec/ansible-collection-hardening/issues/124)
- Centos7/RHEL7: Exec shield is enabled by default and not manageable anymore by sysctl.conf [\#118](https://github.com/dev-sec/ansible-collection-hardening/issues/118)
- Could not find gem 'ruby \(\>= 2.1.0\)' [\#116](https://github.com/dev-sec/ansible-collection-hardening/issues/116)
- os\_security\_kernel\_enable\_sysrq is not implemented [\#115](https://github.com/dev-sec/ansible-collection-hardening/issues/115)
- The task sysctl fails when /etc/initramfs-tools is not present [\#111](https://github.com/dev-sec/ansible-collection-hardening/issues/111)
- The role fails when conditionally included [\#105](https://github.com/dev-sec/ansible-collection-hardening/issues/105)
- Deprecation warning always\_run [\#103](https://github.com/dev-sec/ansible-collection-hardening/issues/103)
- CentOS 7 selinux dependencies [\#102](https://github.com/dev-sec/ansible-collection-hardening/issues/102)
- ubuntu xenial warning during activate gpg-check for yum-repos [\#99](https://github.com/dev-sec/ansible-collection-hardening/issues/99)
- rhel\_system\_auth.j2 is still using pam\_passwdqc.so for CentOS 7 [\#98](https://github.com/dev-sec/ansible-collection-hardening/issues/98)
- Centos 7.1 fails at \[Change various sysctl-settings on rhel-hosts...\] [\#74](https://github.com/dev-sec/ansible-collection-hardening/issues/74)
- Enable pam\_pwquality in rhel-family \> 7 [\#73](https://github.com/dev-sec/ansible-collection-hardening/issues/73)
- Hardening fails on Centos 7.1 at task 'minimize access' [\#71](https://github.com/dev-sec/ansible-collection-hardening/issues/71)
- "irc" user always changed after reboot [\#53](https://github.com/dev-sec/ansible-collection-hardening/issues/53)
- use touch for 10.hardcore.conf to avoid problems with dry-run [\#314](https://github.com/dev-sec/ansible-collection-hardening/pull/314) ([schurzi](https://github.com/schurzi))
- use touch with no date changes [\#310](https://github.com/dev-sec/ansible-collection-hardening/pull/310) ([rndmh3ro](https://github.com/rndmh3ro))
- do not touch sysctl file to avoid idempotency problems [\#309](https://github.com/dev-sec/ansible-collection-hardening/pull/309) ([rndmh3ro](https://github.com/rndmh3ro))
- replace module parameter fixed [\#297](https://github.com/dev-sec/ansible-collection-hardening/pull/297) ([danielkubat](https://github.com/danielkubat))
- Addressing issue \#255 [\#258](https://github.com/dev-sec/ansible-collection-hardening/pull/258) ([ljkimmel](https://github.com/ljkimmel))
- Fix \#247, cleanup conditions [\#248](https://github.com/dev-sec/ansible-collection-hardening/pull/248) ([fernandezcuesta](https://github.com/fernandezcuesta))
- Fix error on applying the sysctl vars on containers [\#243](https://github.com/dev-sec/ansible-collection-hardening/pull/243) ([ghost](https://github.com/ghost))
- Update location of NSA RHEL 5 Guide [\#235](https://github.com/dev-sec/ansible-collection-hardening/pull/235) ([jaredledvina](https://github.com/jaredledvina))
- Fix typo [\#212](https://github.com/dev-sec/ansible-collection-hardening/pull/212) ([ruslo](https://github.com/ruslo))
- Update modprobe to 0644 [\#211](https://github.com/dev-sec/ansible-collection-hardening/pull/211) ([joshuatalb](https://github.com/joshuatalb))
- Test Kitchen Vagrant Fixes [\#210](https://github.com/dev-sec/ansible-collection-hardening/pull/210) ([joshuatalb](https://github.com/joshuatalb))
- \[readme\] Update documentation link [\#207](https://github.com/dev-sec/ansible-collection-hardening/pull/207) ([pmav99](https://github.com/pmav99))
- fix ansible lint remarks [\#204](https://github.com/dev-sec/ansible-collection-hardening/pull/204) ([rndmh3ro](https://github.com/rndmh3ro))
- add colon to user env paths - fix \#202 [\#203](https://github.com/dev-sec/ansible-collection-hardening/pull/203) ([rndmh3ro](https://github.com/rndmh3ro))
- add /usr/bin/su to suid\_guid whitelist [\#199](https://github.com/dev-sec/ansible-collection-hardening/pull/199) ([ccolic](https://github.com/ccolic))
- ensure that permissions to su-binary are not restricted to root user and group only, if os\_security\_users\_allow contains the value change\_user [\#197](https://github.com/dev-sec/ansible-collection-hardening/pull/197) ([szEvEz](https://github.com/szEvEz))
- do not install passwdqc on amazon linux [\#189](https://github.com/dev-sec/ansible-collection-hardening/pull/189) ([rndmh3ro](https://github.com/rndmh3ro))
- add back run opts for debian 8 in travis [\#184](https://github.com/dev-sec/ansible-collection-hardening/pull/184) ([rndmh3ro](https://github.com/rndmh3ro))
- Fix core dump config file creation when core dumps are disabled [\#182](https://github.com/dev-sec/ansible-collection-hardening/pull/182) ([Normo](https://github.com/Normo))
- change minimize access method [\#181](https://github.com/dev-sec/ansible-collection-hardening/pull/181) ([rndmh3ro](https://github.com/rndmh3ro))
- Fix errors produced by ansible-lint [\#159](https://github.com/dev-sec/ansible-collection-hardening/pull/159) ([zbrojny120](https://github.com/zbrojny120))
- replace single ticks with double ticks. fix \#151 [\#152](https://github.com/dev-sec/ansible-collection-hardening/pull/152) ([rndmh3ro](https://github.com/rndmh3ro))
- fixed tag [\#149](https://github.com/dev-sec/ansible-collection-hardening/pull/149) ([martinbydefault](https://github.com/martinbydefault))
- Remove rsync from package blacklist [\#142](https://github.com/dev-sec/ansible-collection-hardening/pull/142) ([duk3luk3](https://github.com/duk3luk3))
- Updates "tags" parameters on includes in main.yml [\#66](https://github.com/dev-sec/ansible-collection-hardening/pull/66) ([conorsch](https://github.com/conorsch))
- Suid set def var, fix \#64 [\#63](https://github.com/dev-sec/ansible-collection-hardening/pull/63) ([rndmh3ro](https://github.com/rndmh3ro))
- Task "set 10.hardcore.conf perms to 0400 and root ownership" fails in check mode [\#313](https://github.com/dev-sec/ansible-collection-hardening/issues/313) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)]
- Inconsistent use of role vars/role defaults [\#284](https://github.com/dev-sec/ansible-collection-hardening/issues/284) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- Is it safe to use on Debian 10? The build is failing. [\#281](https://github.com/dev-sec/ansible-collection-hardening/issues/281) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- /etc/login.defs alters centos 7/8 default values [\#265](https://github.com/dev-sec/ansible-collection-hardening/issues/265) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- Invalid Conditionals in user\_accounts.yml [\#255](https://github.com/dev-sec/ansible-collection-hardening/issues/255) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- `auth-system` related files are created for non-RHEL systems \(e.g. Debian\) [\#247](https://github.com/dev-sec/ansible-collection-hardening/issues/247) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- NSA website links are stale [\#227](https://github.com/dev-sec/ansible-collection-hardening/issues/227) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[hacktoberfest](https://github.com/dev-sec/ansible-collection-hardening/labels/hacktoberfest)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- Running ansible on python3 throughs "TypeError: '\<=' not supported between instances of 'str' and 'int'" [\#223](https://github.com/dev-sec/ansible-collection-hardening/issues/223) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- \[lots of\] deprecation warnings in Ansible 2.8 [\#221](https://github.com/dev-sec/ansible-collection-hardening/issues/221) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- `squash_actions` deprecation warning [\#218](https://github.com/dev-sec/ansible-collection-hardening/issues/218) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- login.defs.j2 template: ENV\_PATH is missing ':' before variable substitution [\#202](https://github.com/dev-sec/ansible-collection-hardening/issues/202) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- auditd causing v5.0 to fail on unpriviledged LXC's [\#191](https://github.com/dev-sec/ansible-collection-hardening/issues/191) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- Setting os\_security\_users\_allow has no effect [\#175](https://github.com/dev-sec/ansible-collection-hardening/issues/175) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- minimize\_access: maximum recursion depth exceeded on Ansible 2.5 [\#171](https://github.com/dev-sec/ansible-collection-hardening/issues/171) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- wrong permissions passwdqc [\#170](https://github.com/dev-sec/ansible-collection-hardening/issues/170) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- 'sysctl\_rhel\_config' is undefined [\#167](https://github.com/dev-sec/ansible-collection-hardening/issues/167) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- Update deprecated `include` statements [\#166](https://github.com/dev-sec/ansible-collection-hardening/issues/166) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- Strongly recommend against disabling vfat by default [\#162](https://github.com/dev-sec/ansible-collection-hardening/issues/162) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- bug in ufw.j2 template [\#151](https://github.com/dev-sec/ansible-collection-hardening/issues/151) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- Add a "don't fail on error" switch ? [\#148](https://github.com/dev-sec/ansible-collection-hardening/issues/148) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- System completely unresponsive after role execution [\#145](https://github.com/dev-sec/ansible-collection-hardening/issues/145) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- Why is rsync removed? [\#141](https://github.com/dev-sec/ansible-collection-hardening/issues/141) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- RHEL 7.4: Too many setuid bits removed [\#140](https://github.com/dev-sec/ansible-collection-hardening/issues/140) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- Change system accounts not on the user provided ignore-list items are not JSON serializable [\#125](https://github.com/dev-sec/ansible-collection-hardening/issues/125) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- playbook makes OS undetectable [\#124](https://github.com/dev-sec/ansible-collection-hardening/issues/124) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- Centos7/RHEL7: Exec shield is enabled by default and not manageable anymore by sysctl.conf [\#118](https://github.com/dev-sec/ansible-collection-hardening/issues/118) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- Could not find gem 'ruby \(\>= 2.1.0\)' [\#116](https://github.com/dev-sec/ansible-collection-hardening/issues/116) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- os\_security\_kernel\_enable\_sysrq is not implemented [\#115](https://github.com/dev-sec/ansible-collection-hardening/issues/115) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- The task sysctl fails when /etc/initramfs-tools is not present [\#111](https://github.com/dev-sec/ansible-collection-hardening/issues/111) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- The role fails when conditionally included [\#105](https://github.com/dev-sec/ansible-collection-hardening/issues/105) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- Deprecation warning always\_run [\#103](https://github.com/dev-sec/ansible-collection-hardening/issues/103) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- CentOS 7 selinux dependencies [\#102](https://github.com/dev-sec/ansible-collection-hardening/issues/102) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- ubuntu xenial warning during activate gpg-check for yum-repos [\#99](https://github.com/dev-sec/ansible-collection-hardening/issues/99) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- rhel\_system\_auth.j2 is still using pam\_passwdqc.so for CentOS 7 [\#98](https://github.com/dev-sec/ansible-collection-hardening/issues/98) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- Centos 7.1 fails at \[Change various sysctl-settings on rhel-hosts...\] [\#74](https://github.com/dev-sec/ansible-collection-hardening/issues/74) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)]
- Enable pam\_pwquality in rhel-family \> 7 [\#73](https://github.com/dev-sec/ansible-collection-hardening/issues/73) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- Hardening fails on Centos 7.1 at task 'minimize access' [\#71](https://github.com/dev-sec/ansible-collection-hardening/issues/71) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- "irc" user always changed after reboot [\#53](https://github.com/dev-sec/ansible-collection-hardening/issues/53) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[help wanted](https://github.com/dev-sec/ansible-collection-hardening/labels/help%20wanted)]
- use touch for 10.hardcore.conf to avoid problems with dry-run [\#314](https://github.com/dev-sec/ansible-collection-hardening/pull/314) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([schurzi](https://github.com/schurzi))
- use touch with no date changes [\#310](https://github.com/dev-sec/ansible-collection-hardening/pull/310) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([rndmh3ro](https://github.com/rndmh3ro))
- do not touch sysctl file to avoid idempotency problems [\#309](https://github.com/dev-sec/ansible-collection-hardening/pull/309) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([rndmh3ro](https://github.com/rndmh3ro))
- replace module parameter fixed [\#297](https://github.com/dev-sec/ansible-collection-hardening/pull/297) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([danielkubat](https://github.com/danielkubat))
- Addressing issue \#255 [\#258](https://github.com/dev-sec/ansible-collection-hardening/pull/258) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([ljkimmel](https://github.com/ljkimmel))
- Fix \#247, cleanup conditions [\#248](https://github.com/dev-sec/ansible-collection-hardening/pull/248) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([fernandezcuesta](https://github.com/fernandezcuesta))
- Fix error on applying the sysctl vars on containers [\#243](https://github.com/dev-sec/ansible-collection-hardening/pull/243) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([ghost](https://github.com/ghost))
- Update location of NSA RHEL 5 Guide [\#235](https://github.com/dev-sec/ansible-collection-hardening/pull/235) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([jaredledvina](https://github.com/jaredledvina))
- Fix typo [\#212](https://github.com/dev-sec/ansible-collection-hardening/pull/212) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([ruslo](https://github.com/ruslo))
- Update modprobe to 0644 [\#211](https://github.com/dev-sec/ansible-collection-hardening/pull/211) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([joshuatalb](https://github.com/joshuatalb))
- Test Kitchen Vagrant Fixes [\#210](https://github.com/dev-sec/ansible-collection-hardening/pull/210) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([joshuatalb](https://github.com/joshuatalb))
- \[readme\] Update documentation link [\#207](https://github.com/dev-sec/ansible-collection-hardening/pull/207) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([pmav99](https://github.com/pmav99))
- fix ansible lint remarks [\#204](https://github.com/dev-sec/ansible-collection-hardening/pull/204) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([rndmh3ro](https://github.com/rndmh3ro))
- add colon to user env paths - fix \#202 [\#203](https://github.com/dev-sec/ansible-collection-hardening/pull/203) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([rndmh3ro](https://github.com/rndmh3ro))
- add /usr/bin/su to suid\_guid whitelist [\#199](https://github.com/dev-sec/ansible-collection-hardening/pull/199) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([ccolic](https://github.com/ccolic))
- ensure that permissions to su-binary are not restricted to root user and group only, if os\_security\_users\_allow contains the value change\_user [\#197](https://github.com/dev-sec/ansible-collection-hardening/pull/197) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([szEvEz](https://github.com/szEvEz))
- do not install passwdqc on amazon linux [\#189](https://github.com/dev-sec/ansible-collection-hardening/pull/189) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([rndmh3ro](https://github.com/rndmh3ro))
- add back run opts for debian 8 in travis [\#184](https://github.com/dev-sec/ansible-collection-hardening/pull/184) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([rndmh3ro](https://github.com/rndmh3ro))
- Fix core dump config file creation when core dumps are disabled [\#182](https://github.com/dev-sec/ansible-collection-hardening/pull/182) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([Normo](https://github.com/Normo))
- change minimize access method [\#181](https://github.com/dev-sec/ansible-collection-hardening/pull/181) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([rndmh3ro](https://github.com/rndmh3ro))
- Fix errors produced by ansible-lint [\#159](https://github.com/dev-sec/ansible-collection-hardening/pull/159) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([zbrojny120](https://github.com/zbrojny120))
- replace single ticks with double ticks. fix \#151 [\#152](https://github.com/dev-sec/ansible-collection-hardening/pull/152) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([rndmh3ro](https://github.com/rndmh3ro))
- fixed tag [\#149](https://github.com/dev-sec/ansible-collection-hardening/pull/149) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([martinbydefault](https://github.com/martinbydefault))
- Remove rsync from package blacklist [\#142](https://github.com/dev-sec/ansible-collection-hardening/pull/142) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([duk3luk3](https://github.com/duk3luk3))
- Updates "tags" parameters on includes in main.yml [\#66](https://github.com/dev-sec/ansible-collection-hardening/pull/66) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([conorsch](https://github.com/conorsch))
- Suid set def var, fix \#64 [\#63](https://github.com/dev-sec/ansible-collection-hardening/pull/63) [[bug](https://github.com/dev-sec/ansible-collection-hardening/labels/bug)] ([rndmh3ro](https://github.com/rndmh3ro))
**Closed issues:**
@ -402,11 +413,11 @@
**Merged pull requests:**
- prettier markdown files action added [\#322](https://github.com/dev-sec/ansible-collection-hardening/pull/322) ([danielkubat](https://github.com/danielkubat))
- adjust permissions on shadow file on suse [\#311](https://github.com/dev-sec/ansible-collection-hardening/pull/311) ([rndmh3ro](https://github.com/rndmh3ro))
- adjust permissions on shadow file on suse [\#311](https://github.com/dev-sec/ansible-collection-hardening/pull/311) [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([rndmh3ro](https://github.com/rndmh3ro))
- fix fedora build [\#296](https://github.com/dev-sec/ansible-collection-hardening/pull/296) ([rndmh3ro](https://github.com/rndmh3ro))
- do not blacklist used filesystems [\#289](https://github.com/dev-sec/ansible-collection-hardening/pull/289) ([schurzi](https://github.com/schurzi))
- move hidepid vars into defaults so theyre overwritable [\#285](https://github.com/dev-sec/ansible-collection-hardening/pull/285) ([rndmh3ro](https://github.com/rndmh3ro))
- install procps in debian so sysctl.conf exists [\#282](https://github.com/dev-sec/ansible-collection-hardening/pull/282) ([rndmh3ro](https://github.com/rndmh3ro))
- do not blacklist used filesystems [\#289](https://github.com/dev-sec/ansible-collection-hardening/pull/289) [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([schurzi](https://github.com/schurzi))
- move hidepid vars into defaults so theyre overwritable [\#285](https://github.com/dev-sec/ansible-collection-hardening/pull/285) [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([rndmh3ro](https://github.com/rndmh3ro))
- install procps in debian so sysctl.conf exists [\#282](https://github.com/dev-sec/ansible-collection-hardening/pull/282) [[patch](https://github.com/dev-sec/ansible-collection-hardening/labels/patch)] ([rndmh3ro](https://github.com/rndmh3ro))
- move defaults to os-specific vars [\#157](https://github.com/dev-sec/ansible-collection-hardening/pull/157) ([rndmh3ro](https://github.com/rndmh3ro))
- Converts set to JSON-serializable list [\#126](https://github.com/dev-sec/ansible-collection-hardening/pull/126) ([pestaa](https://github.com/pestaa))
- add more sysctl settings, allow overwriting [\#120](https://github.com/dev-sec/ansible-collection-hardening/pull/120) ([rndmh3ro](https://github.com/rndmh3ro))