centos7 is eol, remove it (#767)

* centos7 is eol, remove it

Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>

* change workflow to update readmes when meta/main.yml is changed

Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>

* remove mention of centos 7 from readme

Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>

---------

Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>

.github/workflows/mysql_hardening.yml

@@ -37,7 +37,6 @@ jobs:
       fail-fast: false
       matrix:
         molecule_distro:
-          - centos7
           - centosstream8
           - centosstream9
           - rocky8

.github/workflows/nginx_hardening.yml

@@ -36,7 +36,6 @@ jobs:
       fail-fast: false
       matrix:
         molecule_distro:
-          - centos7
           - centosstream8
           - centosstream9
           - rocky8

.github/workflows/os_hardening.yml

@@ -36,7 +36,6 @@ jobs:
       fail-fast: false
       matrix:
         molecule_distro:
-          - centos7
           - centosstream8
           - centosstream9
           - rocky8

.github/workflows/os_hardening_vm.yml

@@ -36,7 +36,6 @@ jobs:
       fail-fast: false
       matrix:
         molecule_distro:
-          - generic/centos7
           - generic/centos8s
           - generic/centos9s
           - generic/rocky8

.github/workflows/roles-readme.yml

@@ -6,10 +6,12 @@ on:  # yamllint disable-line rule:truthy
     branches: [master]
     paths:
       - 'roles/**/meta/argument_specs.yml'
+      - 'roles/**/meta/main.yml'
   pull_request:
     branches: [master]
     paths:
       - 'roles/**/meta/argument_specs.yml'
+      - 'roles/**/meta/main.yml'
 
 jobs:
   readme:

.github/workflows/ssh_hardening.yml

@@ -36,7 +36,6 @@ jobs:
       fail-fast: false
       matrix:
         molecule_distro:
-          - centos7
           - centosstream8
           - centosstream9
           - rocky8

.github/workflows/ssh_hardening_custom_tests.yml

@@ -36,7 +36,6 @@ jobs:
       fail-fast: false
       matrix:
         molecule_distro:
-          - centos7
           - centosstream8
           - centosstream9
           - rocky8

README.md

@@ -13,7 +13,7 @@
 This collection provides battle tested hardening for:
 
 - Linux operating systems:
-  - CentOS 7/8/9
+  - CentOS 8/9
   - Rocky Linux 8/9
   - Debian 10/11/12
   - Ubuntu 18.04/20.04/22.04

roles/mysql_hardening/meta/main.yml

@@ -8,7 +8,6 @@ galaxy_info:
   platforms:
     - name: EL
       versions:
-        - "7"
         - "8"
         - "9"
     - name: Ubuntu

roles/nginx_hardening/meta/main.yml

@@ -8,7 +8,6 @@ galaxy_info:
   platforms:
     - name: EL
       versions:
-        - "7"
         - "8"
         - "9"
     - name: Ubuntu

roles/os_hardening/meta/main.yml

@@ -8,7 +8,6 @@ galaxy_info:
   platforms:
     - name: EL
       versions:
-        - "7"
         - "8"
         - "9"
     - name: Ubuntu

roles/os_hardening/vars/RedHat_7.yml

@@ -1,88 +0,0 @@
----
-os_packages_pam_ccreds: pam_ccreds
-os_nologin_shell_path: /sbin/nologin
-
-# Different distros use different standards for /etc/shadow perms, e.g.
-# RHEL derivatives use root:root 0000, whereas Debian-based use root:shadow 0640.
-# You must provide key/value pairs for owner, group, and mode if overriding.
-os_shadow_perms:
-  owner: root
-  group: root
-  mode: "0000"
-
-os_passwd_perms:
-  owner: root
-  group: root
-  mode: "0644"
-
-os_env_umask: "077"
-
-os_auth_uid_min: 1000
-os_auth_uid_max: 60000
-os_auth_gid_min: 1000
-os_auth_gid_max: 60000
-os_auth_sys_uid_min: 201
-os_auth_sys_uid_max: 999
-os_auth_sys_gid_min: 201
-os_auth_sys_gid_max: 999
-os_auth_sub_uid_min: 100000
-os_auth_sub_uid_max: 600100000
-os_auth_sub_uid_count: 65536
-os_auth_sub_gid_min: 100000
-os_auth_sub_gid_max: 600100000
-os_auth_sub_gid_count: 65536
-
-os_auth_pam_sssd_enable: false
-
-os_mnt_boot_dir_mode: '0700'
-os_mnt_boot_group: 'root'
-os_mnt_boot_owner: 'root'
-
-os_mnt_dev_dir_mode: '0755'
-os_mnt_dev_group: 'root'
-os_mnt_dev_owner: 'root'
-
-os_mnt_dev_shm_dir_mode: '1777'
-os_mnt_dev_shm_group: 'root'
-os_mnt_dev_shm_owner: 'root'
-
-os_mnt_home_dir_mode: '0755'
-os_mnt_home_group: 'root'
-os_mnt_home_owner: 'root'
-
-os_mnt_run_dir_mode: '0755'
-os_mnt_run_group: 'root'
-os_mnt_run_owner: 'root'
-
-os_mnt_tmp_dir_mode: '1777'
-os_mnt_tmp_group: 'root'
-os_mnt_tmp_owner: 'root'
-
-os_mnt_var_dir_mode: '0755'
-os_mnt_var_group: 'root'
-os_mnt_var_owner: 'root'
-
-os_mnt_var_log_dir_mode: '0755'
-os_mnt_var_log_group: 'root'
-os_mnt_var_log_owner: 'root'
-
-os_mnt_var_log_audit_dir_mode: '0700'
-os_mnt_var_log_audit_group: 'root'
-os_mnt_var_log_audit_owner: 'root'
-
-os_mnt_var_tmp_dir_mode: '1777'
-os_mnt_var_tmp_group: 'root'
-os_mnt_var_tmp_owner: 'root'
-
-# defaults for useradd
-os_useradd_mail_dir: /var/spool/mail
-os_useradd_create_home: true
-
-modprobe_package: module-init-tools
-auditd_package: audit
-
-hidepid_option: "0" # allowed values: 0, 1, 2
-
-sysctl_unsupported_entries:
-  - fs.protected_fifos
-  - fs.protected_regular

roles/ssh_hardening/meta/main.yml

@@ -8,7 +8,6 @@ galaxy_info:
   platforms:
     - name: EL
       versions:
-        - "7"
         - "8"
         - "9"
     - name: Ubuntu

roles/ssh_hardening/vars/RedHat_7.yml

@@ -1,24 +0,0 @@
----
-sshd_path: /usr/sbin/sshd
-ssh_host_keys_dir: /etc/ssh
-sshd_service_name: sshd
-ssh_owner: root
-ssh_group: root
-ssh_host_keys_owner: root
-ssh_host_keys_group: ssh_keys
-ssh_host_keys_mode: "0600"
-ssh_selinux_packages:
-  - policycoreutils-python
-  - checkpolicy
-
-# true if SSH support Kerberos
-ssh_kerberos_support: true
-
-# true if SSH has PAM support
-ssh_pam_support: true
-
-sshd_moduli_file: /etc/ssh/moduli
-
-# disable CRYPTO_POLICY to take settings from sshd configuration
-# see: https://access.redhat.com/solutions/4410591
-sshd_disable_crypto_policy: true