Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-10 09:14:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #656 from dev-sec/update_Tests

Browse source 
Update test environment
This commit is contained in:
schurzi 2023-04-12 22:21:49 +02:00 committed by GitHub
commit 4a21ec0234
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
31 changed files with 144 additions and 284 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
.github/workflows/mysql_hardening.yml vendored
View file

@ -27,7 +27,7 @@ concurrency:
jobs:
build:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest
env:
PY_COLORS: 1
ANSIBLE_FORCE_COLOR: 1
@ -46,8 +46,8 @@ jobs:
- debian10
- debian11
# - amazon # geerlingguy.mysql does not support fedora
# - arch # needs to be fixed
- opensuse_tumbleweed # needs to be fixed
# - arch # geerlingguy.mysql does not support arch
- opensuse_tumbleweed
# - fedora # geerlingguy.mysql does not support fedora
steps:
- name: Checkout repo
@ -56,10 +56,10 @@ jobs:
path: ansible_collections/devsec/hardening
submodules: true
- name: Set up Python 3.7
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: 3.7
python-version: 3.11
- name: Install dependencies
run: |
@ -68,11 +68,6 @@ jobs:
pip install -r requirements.txt
working-directory: ansible_collections/devsec/hardening
- name: Create default collection path symlink
run: |
mkdir -p /home/runner/.ansible
ln -s /home/runner/work/ansible-os-hardening/ansible-os-hardening /home/runner/.ansible/collections
# that was a hard one to fix. robert did it thankfully
# https://github.com/robertdebock/ansible-role-mysql/commit/7562e99099b06282391ab7ed102b393a0406d212
- name: disable apparmor on debian systems

13
.github/workflows/nginx_hardening.yml vendored
View file

@ -26,7 +26,7 @@ concurrency:
jobs:
build:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest
env:
PY_COLORS: 1
ANSIBLE_FORCE_COLOR: 1
@ -44,7 +44,7 @@ jobs:
- ubuntu2204
- debian10
- debian11
- amazon
- amazon2023
# - arch # needs to be fixed
# - opensuse_tumbleweed # needs to be fixed
# - fedora # no support from geerlingguy role
@ -55,10 +55,10 @@ jobs:
path: ansible_collections/devsec/hardening
submodules: true
- name: Set up Python 3.7
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: 3.7
python-version: 3.11
- name: Install dependencies
run: |
@ -67,11 +67,6 @@ jobs:
pip install -r requirements.txt
working-directory: ansible_collections/devsec/hardening
- name: Create default collection path symlink
run: |
mkdir -p /home/runner/.ansible
ln -s /home/runner/work/ansible-os-hardening/ansible-os-hardening /home/runner/.ansible/collections
- name: Test with molecule
run: |
molecule --version

16
.github/workflows/os_hardening.yml vendored
View file

@ -26,7 +26,7 @@ concurrency:
jobs:
build:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest
env:
PY_COLORS: 1
ANSIBLE_FORCE_COLOR: 1
@ -39,14 +39,15 @@ jobs:
- centosstream9
- rocky8
- rocky9
- fedora
- ubuntu1804
- ubuntu2004
- ubuntu2204
- debian10
- debian11
- amazon
- amazon2023
- opensuse_tumbleweed
# - arch # needs to be fixed
- arch
steps:
- name: Checkout repo
uses: actions/checkout@v3
@ -54,10 +55,10 @@ jobs:
path: ansible_collections/devsec/hardening
submodules: true
- name: Set up Python 3.7
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: 3.7
python-version: 3.11
- name: Install dependencies
run: |
@ -66,11 +67,6 @@ jobs:
pip install -r requirements.txt
working-directory: ansible_collections/devsec/hardening
- name: Create default collection path symlink
run: |
mkdir -p /home/runner/.ansible
ln -s /home/runner/work/ansible-os-hardening/ansible-os-hardening /home/runner/.ansible/collections
- name: Test with molecule
run: |
if [ "$MOLECULE_DISTRO" = "opensuse_tumbleweed" ]; then

4
.github/workflows/os_hardening_vm.yml vendored
View file

@ -39,13 +39,15 @@ jobs:
- centos9s
- rocky8
- rocky9
- fedora36
- fedora37
- ubuntu1804
- ubuntu2004
- ubuntu2204
- debian10
- debian11
- opensuse15
# - arch # arch is currently not supported by cinc-auditor
# - arch # needs fix for audit
steps:
- name: Checkout repo
uses: actions/checkout@v3

17
.github/workflows/ssh_hardening.yml vendored
View file

@ -26,7 +26,7 @@ concurrency:
jobs:
build:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest
env:
PY_COLORS: 1
ANSIBLE_FORCE_COLOR: 1
@ -45,9 +45,9 @@ jobs:
- ubuntu2204
- debian10
- debian11
- amazon
# - arch # needs to be fixed
# - opensuse_tumbleweed # baseline is not compatible with suse
- amazon2023
- arch
# - opensuse_tumbleweed # needs fix - opensuse has different file location for conf and pam (/usr/etc/ssh/?, /usr/lib/pam.d/?)
steps:
- name: Checkout repo
uses: actions/checkout@v3
@ -55,10 +55,10 @@ jobs:
path: ansible_collections/devsec/hardening
submodules: true
- name: Set up Python 3.7
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: 3.7
python-version: 3.11
- name: Install dependencies
run: |
@ -67,11 +67,6 @@ jobs:
pip install -r requirements.txt
working-directory: ansible_collections/devsec/hardening
- name: Create default collection path symlink
run: |
mkdir -p /home/runner/.ansible
ln -s /home/runner/work/ansible-os-hardening/ansible-os-hardening /home/runner/.ansible/collections
- name: Test with molecule
run: |
if [ "$MOLECULE_DISTRO" = "opensuse_tumbleweed" ]; then

17
.github/workflows/ssh_hardening_custom_tests.yml vendored
View file

@ -26,7 +26,7 @@ concurrency:
jobs:
build:
runs-on: ubuntu-18.04
runs-on: ubuntu-latest
env:
PY_COLORS: 1
ANSIBLE_FORCE_COLOR: 1
@ -45,9 +45,9 @@ jobs:
- ubuntu2204
- debian10
- debian11
- amazon
# - arch # needs to be fixed
# - opensuse_tumbleweed # baseline is not compatible with suse
- amazon2023
- arch
# - opensuse_tumbleweed # needs fix - opensuse has different file location for conf and pam (/usr/etc/ssh/?, /usr/lib/pam.d/?)
steps:
- name: Checkout repo
uses: actions/checkout@v3
@ -55,10 +55,10 @@ jobs:
path: ansible_collections/devsec/hardening
submodules: true
- name: Set up Python 3.7
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: 3.7
python-version: 3.11
- name: Install dependencies
run: |
@ -67,11 +67,6 @@ jobs:
pip install -r requirements.txt
working-directory: ansible_collections/devsec/hardening
- name: Create default collection path symlink
run: |
mkdir -p /home/runner/.ansible
ln -s /home/runner/work/ansible-os-hardening/ansible-os-hardening /home/runner/.ansible/collections
- name: Test with molecule
run: |
if [ "$MOLECULE_DISTRO" = "opensuse_tumbleweed" ]; then

2
molecule/mysql_hardening/molecule.yml
View file

@ -22,7 +22,7 @@ provisioner:
config_options:
defaults:
interpreter_python: auto_silent
callback_whitelist: profile_tasks, timer, yaml
callbacks_enabled: profile_tasks, timer, yaml
verifier:
name: ansible

2
molecule/mysql_hardening/requirements.yml
View file

@ -1,7 +1,5 @@
---
roles:
- name: geerlingguy.git
version: 3.0.1
- name: dev-sec.mysql
version: master

54
molecule/mysql_hardening/verify.yml
View file

@ -6,26 +6,12 @@
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
roles:
- geerlingguy.git
tasks:
- name: install fake SuSE-release for cinc compatibility
copy:
content: |
openSUSE Faked Enterprise 2020 (x86_64)
VERSION = 2020
CODENAME = Faked Feature
dest: /etc/SuSE-release
owner: root
group: root
mode: '0444'
when: ansible_facts.os_family == 'Suse'
- name: install git for SuSE since geerlinguy.git does not support it
zypper:
name: git
state: present
when: ansible_facts.os_family == 'Suse'
- name: Use Python 3 on Suse
set_fact:
ansible_python_interpreter: /usr/bin/python3
when:
- ansible_os_family == 'Suse'
- name: install procps for debian systems
apt:
@ -34,29 +20,27 @@
update_cache: true
when: ansible_distribution == 'Debian'
- name: Use Python 3 on Suse
set_fact:
ansible_python_interpreter: /usr/bin/python3
when:
- ansible_os_family == 'Suse'
- name: include tests for the service
include_tasks: verify_tasks/service.yml
- name: include tests for MySQL user
include_tasks: verify_tasks/mysql_users.yml
- name: download cinc-auditor
get_url:
url: https://omnitruck.cinc.sh/install.sh
dest: /tmp/install.sh
mode: '0775'
- name: install cinc-auditor
shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
- name: Verify
hosts: localhost
environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
tasks:
- name: Execute cinc-auditor tests
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/mysql-baseline/archive/refs/heads/master.zip"
command: >
docker run
--volume /run/docker.sock:/run/docker.sock
docker.io/cincproject/auditor exec
-t docker://instance
--no-show-progress --no-color
--no-distinct-exit https://github.com/dev-sec/mysql-baseline/archive/refs/heads/master.zip
register: test_results
changed_when: false
ignore_errors: true

2
molecule/nginx_hardening/converge.yml
View file

@ -2,6 +2,8 @@
- name: wrapper playbook for kitchen testing "ansible-nginx-hardening" with custom settings
become: true
hosts: all
collections:
- devsec.hardening
environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"

2
molecule/nginx_hardening/molecule.yml
View file

@ -21,7 +21,7 @@ provisioner:
config_options:
defaults:
interpreter_python: auto_silent
callback_whitelist: profile_tasks, timer, yaml
callbacks_enabled: profile_tasks, timer, yaml
verifier:
name: ansible

1
molecule/nginx_hardening/requirements.yml
View file

@ -1,4 +1,3 @@
---
roles:
- geerlingguy.git
- geerlingguy.nginx

55
molecule/nginx_hardening/verify.yml
View file

@ -6,48 +6,29 @@
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
roles:
- geerlingguy.git
tasks:
- name: install fake SuSE-release for cinc compatibility
copy:
content: |
openSUSE Faked Enterprise 2020 (x86_64)
VERSION = 2020
CODENAME = Faked Feature
dest: /etc/SuSE-release
owner: root
group: root
mode: '0444'
when: ansible_facts.os_family == 'Suse'
- name: install git for SuSE since geerlinguy.git does not support it
zypper:
name: git
state: present
when: ansible_facts.os_family == 'Suse'
- name: Run the equivalent of "apt-get update" as a separate step
apt:
update_cache: true
when: ansible_facts.os_family == 'Debian'
- name: install required tools on debian
- name: install procps for debian systems
apt:
name: procps
when: ansible_facts.os_family == 'Debian'
- name: download cinc-auditor
get_url:
url: https://omnitruck.cinc.sh/install.sh
dest: /tmp/install.sh
mode: '0775'
- name: install cinc-auditor
shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
state: present
update_cache: true
when: ansible_distribution == 'Debian'
- name: Verify
hosts: localhost
environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
tasks:
- name: Execute cinc-auditor tests
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/nginx-baseline/archive/refs/heads/master.zip"
command: >
docker run
--volume /run/docker.sock:/run/docker.sock
docker.io/cincproject/auditor exec
-t docker://instance
--no-show-progress --no-color
--no-distinct-exit https://github.com/dev-sec/nginx-baseline/archive/refs/heads/master.zip
register: test_results
changed_when: false
ignore_errors: true

6
molecule/os_hardening/molecule.yml
View file

@ -1,8 +1,4 @@
---
dependency:
name: galaxy
options:
role-file: molecule/os_hardening/requirements.yml
driver:
name: docker
platforms:
@ -21,7 +17,7 @@ provisioner:
config_options:
defaults:
interpreter_python: auto_silent
callback_whitelist: profile_tasks, timer, yaml
callbacks_enabled: profile_tasks, timer, yaml
verifier:
name: ansible

2
molecule/os_hardening/prepare.yml
View file

@ -2,8 +2,6 @@
- name: wrapper playbook for kitchen testing "ansible-os-hardening" with custom vars for testing
hosts: all
become: true
collections:
- devsec.hardening
environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"

3
molecule/os_hardening/requirements.yml
View file

@ -1,3 +0,0 @@
---
roles:
- geerlingguy.git

68
molecule/os_hardening/verify.yml
View file

@ -6,37 +6,7 @@
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
roles:
- geerlingguy.git
tasks:
- name: install fake SuSE-release for cinc compatibility
copy:
content: |
openSUSE Faked Enterprise 2020 (x86_64)
VERSION = 2020
CODENAME = Faked Feature
dest: /etc/SuSE-release
owner: root
group: root
mode: '0444'
when: ansible_facts.os_family == 'Suse'
- name: install git for SuSE since geerlinguy.git does not support it
zypper:
name: git
state: present
when: ansible_facts.os_family == 'Suse'
- name: Run the equivalent of "apt-get update" as a separate step
apt:
update_cache: true
when: ansible_facts.os_family == 'Debian'
- name: install required tools on debian
apt:
name: procps
when: ansible_facts.os_family == 'Debian'
- name: include verification tasks
ansible.builtin.include_tasks:
file: "{{ item }}"
@ -54,17 +24,23 @@
include_tasks: verify_tasks/yum.yml
when: ansible_facts.os_family == 'RedHat'
- name: download cinc-auditor
get_url:
url: https://omnitruck.cinc.sh/install.sh
dest: /tmp/install.sh
mode: '0775'
- name: install cinc-auditor
shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
- name: Execute cinc-auditor tests # noqa ignore-errors
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit --waiver-file waivers.yaml https://github.com/dev-sec/linux-baseline/archive/refs/heads/master.zip"
- name: Verify
hosts: localhost
environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
tasks:
- name: Execute cinc-auditor tests
command: >
docker run
--volume /run/docker.sock:/run/docker.sock
--volume {{ playbook_dir }}/waivers.yaml:/waivers.yaml
docker.io/cincproject/auditor exec
-t docker://instance
--no-show-progress --no-color
--waiver-file /waivers.yaml
--no-distinct-exit https://github.com/dev-sec/linux-baseline/archive/refs/heads/master.zip
register: test_results
changed_when: false
ignore_errors: true
@ -78,6 +54,16 @@
msg: "Inspec failed to validate"
when: test_results.rc != 0
- name: Verify
hosts: all
become: true
environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
collections:
- devsec.hardening
tasks:
# test if variable can be overridden
- name: workaround for https://github.com/ansible/ansible/issues/66304
set_fact:

2
molecule/os_hardening_vm/molecule.yml
View file

@ -24,7 +24,7 @@ provisioner:
config_options:
defaults:
interpreter_python: auto_silent
callback_whitelist: profile_tasks, timer, yaml
callbacks_enabled: profile_tasks, timer, yaml
verifier:
name: ansible
env:

2
molecule/os_hardening_vm/prepare.yml
View file

@ -2,8 +2,6 @@
- name: wrapper playbook for kitchen testing "ansible-os-hardening" with custom vars for testing
hosts: all
become: true
collections:
- devsec.hardening
environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"

65
molecule/os_hardening_vm/verify.yml
View file

@ -6,36 +6,7 @@
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
roles:
- geerlingguy.git
tasks:
- name: install fake SuSE-release for cinc compatibility
copy:
content: |
openSUSE Faked Enterprise 2020 (x86_64)
VERSION = 2020
CODENAME = Faked Feature
dest: /etc/SuSE-release
owner: root
group: root
mode: '0444'
when: ansible_facts.os_family == 'Suse'
- name: install git for SuSE since geerlinguy.git does not support it
zypper:
name: git
state: present
when: ansible_facts.os_family == 'Suse'
- name: Run the equivalent of "apt-get update" as a separate step
apt:
update_cache: true
when: ansible_facts.os_family == 'Debian'
- name: install required tools on debian
apt:
name: procps
when: ansible_facts.os_family == 'Debian'
- name: include PAM tests
include_tasks: verify_tasks/pam.yml
@ -45,17 +16,35 @@
include_tasks: verify_tasks/yum.yml
when: ansible_facts.os_family == 'RedHat'
- name: download cinc-auditor
get_url:
url: https://omnitruck.cinc.sh/install.sh
dest: /tmp/install.sh
mode: '0775'
- name: Verify
hosts: localhost
environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
tasks:
- name: get ssh-config
command:
cmd: "vagrant ssh-config"
chdir: "{{ molecule_ephemeral_directory }}"
register: ssh_config
changed_when: false
- name: install cinc-auditor
shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
- name: create ssh-config file
copy:
content: "{{ ssh_config.stdout_lines | join ('\n') }}"
dest: "{{ molecule_ephemeral_directory }}/ssh-config"
changed_when: false
- name: Execute cinc-auditor tests # noqa ignore-errors
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/linux-baseline/archive/refs/heads/master.zip"
- name: Execute cinc-auditor tests
command: >
docker run
--volume {{ molecule_ephemeral_directory }}:{{ molecule_ephemeral_directory }}
docker.io/cincproject/auditor exec
--ssh-config-file={{ molecule_ephemeral_directory }}/ssh-config
-t ssh://{{ lookup('env', 'USER') }}
--sudo --no-show-progress --no-color
--no-distinct-exit https://github.com/dev-sec/linux-baseline/archive/refs/heads/master.zip
register: test_results
changed_when: false
ignore_errors: true

6
molecule/ssh_hardening/molecule.yml
View file

@ -1,8 +1,4 @@
---
dependency:
name: galaxy
options:
role-file: molecule/ssh_hardening/requirements.yml
driver:
name: docker
platforms:
@ -21,7 +17,7 @@ provisioner:
config_options:
defaults:
interpreter_python: auto_silent
callback_whitelist: profile_tasks, timer, yaml
callbacks_enabled: profile_tasks, timer, yaml
inventory:
host_vars:
# https://molecule.readthedocs.io/en/latest/examples.html#docker-with-non-privileged-user

3
molecule/ssh_hardening/requirements.yml
View file

@ -1,3 +0,0 @@
---
roles:
- geerlingguy.git

45
molecule/ssh_hardening/verify.yml
View file

@ -1,48 +1,19 @@
---
- name: Verify
hosts: all
become: true
hosts: localhost
environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
roles:
- geerlingguy.git
tasks:
- name: install fake SuSE-release for cinc compatibility
copy:
content: |
openSUSE Faked Enterprise 2020 (x86_64)
VERSION = 2020
CODENAME = Faked Feature
dest: /etc/SuSE-release
owner: root
group: root
mode: '0444'
when: ansible_facts.os_family == 'Suse'
- name: install git for SuSE since geerlinguy.git does not support it
zypper:
name: git
state: present
when: ansible_facts.os_family == 'Suse'
- name: install crypto compat modules on fedora
dnf:
name: libxcrypt-compat
when: ansible_facts.distribution == 'Fedora'
- name: download cinc-auditor
get_url:
url: https://omnitruck.cinc.sh/install.sh
dest: /tmp/install.sh
mode: '0775'
- name: install cinc-auditor
shell: "bash /tmp/install.sh -s -- -P cinc-auditor -v 4"
- name: Execute cinc-auditor tests
command: "/opt/cinc-auditor/bin/cinc-auditor exec --no-show-progress --no-color --no-distinct-exit https://github.com/dev-sec/ssh-baseline/archive/refs/heads/master.zip"
command: >
docker run
--volume /run/docker.sock:/run/docker.sock
docker.io/cincproject/auditor exec
-t docker://instance
--no-show-progress --no-color
--no-distinct-exit https://github.com/dev-sec/ssh-baseline/archive/refs/heads/master.zip
register: test_results
changed_when: false
ignore_errors: true

6
molecule/ssh_hardening_bsd/molecule.yml
View file

@ -1,8 +1,4 @@
---
dependency:
name: galaxy
options:
role-file: molecule/ssh_hardening_bsd/requirements.yml
driver:
name: vagrant
provider:
@ -24,7 +20,7 @@ provisioner:
config_options:
defaults:
interpreter_python: auto_silent
callback_whitelist: profile_tasks, timer, yaml
callbacks_enabled: profile_tasks, timer, yaml
verifier:
name: ansible
env:

3
molecule/ssh_hardening_bsd/requirements.yml
View file

@ -1,3 +0,0 @@
---
roles:
- geerlingguy.git

6
molecule/ssh_hardening_custom_tests/molecule.yml
View file

@ -1,8 +1,4 @@
---
dependency:
name: galaxy
options:
role-file: molecule/ssh_hardening/requirements.yml
driver:
name: docker
platforms:
@ -21,7 +17,7 @@ provisioner:
config_options:
defaults:
interpreter_python: auto_silent
callback_whitelist: profile_tasks, timer, yaml
callbacks_enabled: profile_tasks, timer, yaml
verifier:
name: ansible

3
molecule/ssh_hardening_custom_tests/requirements.yml
View file

@ -1,3 +0,0 @@
---
roles:
- geerlingguy.git

3
roles/mysql_hardening/meta/main.yml
View file

@ -10,6 +10,7 @@ galaxy_info:
versions:
- "7"
- "8"
- "9"
- name: Ubuntu
versions:
- bionic
@ -20,7 +21,7 @@ galaxy_info:
- bullseye
- buster
- name: Amazon
- name: Fedora
- name: opensuse
galaxy_tags:
- system
- security

2
roles/nginx_hardening/meta/main.yml
View file

@ -10,6 +10,7 @@ galaxy_info:
versions:
- "7"
- "8"
- "9"
- name: Ubuntu
versions:
- bionic
@ -19,6 +20,7 @@ galaxy_info:
versions:
- buster
- bullseye
- name: Amazon
galaxy_tags:
- system
- security

1
roles/os_hardening/meta/main.yml
View file

@ -10,6 +10,7 @@ galaxy_info:
versions:
- "7"
- "8"
- "9"
- name: Ubuntu
versions:
- bionic

2
roles/ssh_hardening/meta/main.yml
View file

@ -10,6 +10,7 @@ galaxy_info:
versions:
- "7"
- "8"
- "9"
- name: Ubuntu
versions:
- bionic
@ -23,7 +24,6 @@ galaxy_info:
- name: Fedora
- name: ArchLinux
- name: SmartOS
- name: opensuse
- name: FreeBSD
versions:
- "12.2"