Add full support for Debian 11 (#538)

* Include Debian 11 into Molecule test suites (#527)

Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>

* Fix Ansible Lint GitHub Action version (#527)

Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>

* Update .gitignore

Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>

* mysql_hardening: Use Python 3 as Ansible interpreter (#527)

Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>

* Note Debian 11 support for os_hardening & nginx_hardening (#527)

Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>

* Fix lint issues & Ansible Lint configuration in CI

Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>

* Try to fix YAML lint issues, again

Re-ordered YAML comments at the end of `.yamllint` file.

Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>

* rm debian9 from tests, add debian 11 where missing

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* fix mysql molecule tests

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Daya Adianto 2022-08-16 20:02:27 +07:00 committed by GitHub
parent ebe43504a2
commit eef8708918
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 27 additions and 7 deletions


@ -5,7 +5,6 @@ on: [push, pull_request] # yamllint disable-line rule:truthy
jobs: jobs:
ansible-lint: ansible-lint:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:


@ -27,8 +27,8 @@ jobs:
- ubuntu1804 - ubuntu1804
- ubuntu2004 - ubuntu2004
- ubuntu2204 - ubuntu2204
- debian9
- debian10 - debian10
- debian11
# - amazon # geerlingguy.mysql does not support fedora # - amazon # geerlingguy.mysql does not support fedora
# - arch # needs to be fixed # - arch # needs to be fixed
# - opensuse_tumbleweed # needs to be fixed # - opensuse_tumbleweed # needs to be fixed
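Review bot: `debian9` is dropped from this matrix, and from the five other workflow sections that follow, while the README section on this page still lists `Debian 9/10` and both `galaxy_info` sections keep `stretch`. For a hardening collection this leaves a platform advertised as supported with no CI run behind it, so a regression in the hardening tasks on Debian 9 would go unnoticed. Either keep `- debian9` in the matrices until support is formally dropped, or remove Debian 9 from the README and `stretch` from the role metadata in the same change. The matrix definition starts outside the hunk.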


@ -27,8 +27,8 @@ jobs:
- ubuntu1804 - ubuntu1804
- ubuntu2004 - ubuntu2004
- ubuntu2204 - ubuntu2204
- debian9
- debian10 - debian10
- debian11
- amazon - amazon
# - arch # needs to be fixed # - arch # needs to be fixed
# - opensuse_tumbleweed # needs to be fixed # - opensuse_tumbleweed # needs to be fixed


@ -27,8 +27,8 @@ jobs:
- ubuntu1804 - ubuntu1804
- ubuntu2004 - ubuntu2004
- ubuntu2204 - ubuntu2204
- debian9
- debian10 - debian10
- debian11
- amazon - amazon
- opensuse_tumbleweed - opensuse_tumbleweed
# - arch # needs to be fixed # - arch # needs to be fixed


@ -27,8 +27,8 @@ jobs:
- ubuntu1804 - ubuntu1804
- ubuntu2004 - ubuntu2004
- ubuntu2204 - ubuntu2204
- debian9
- debian10 - debian10
- debian11
# - opensuse42 # opensuse currently cannot get an ip address # - opensuse42 # opensuse currently cannot get an ip address
# - arch - arch is currently not supported by cinc-auditor # - arch - arch is currently not supported by cinc-auditor
steps: steps:


@ -28,8 +28,8 @@ jobs:
- ubuntu1804 - ubuntu1804
- ubuntu2004 - ubuntu2004
- ubuntu2204 - ubuntu2204
- debian9
- debian10 - debian10
- debian11
- amazon - amazon
# - arch # needs to be fixed # - arch # needs to be fixed
# - opensuse_tumbleweed # baseline is not compatible with suse # - opensuse_tumbleweed # baseline is not compatible with suse


@ -28,8 +28,8 @@ jobs:
- ubuntu1804 - ubuntu1804
- ubuntu2004 - ubuntu2004
- ubuntu2204 - ubuntu2204
- debian9
- debian10 - debian10
- debian11
- amazon - amazon
# - arch # needs to be fixed # - arch # needs to be fixed
# - opensuse_tumbleweed # baseline is not compatible with suse # - opensuse_tumbleweed # baseline is not compatible with suse

1
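--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 .kitchen
 hosts
 Gemfile.lock
+.venv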


@ -14,6 +14,7 @@ This collection provides battle tested hardening for:
- CentOS 7/8 - CentOS 7/8
- Rocky Linux 8 - Rocky Linux 8
- Debian 9/10 - Debian 9/10
- Debian 11 (some roles supported)
- Ubuntu 16.04/18.04/20.04/22.04 - Ubuntu 16.04/18.04/20.04/22.04
- Amazon Linux (some roles supported) - Amazon Linux (some roles supported)
- Arch Linux (some roles supported) - Arch Linux (some roles supported)


@ -2,6 +2,8 @@
- name: wrapper playbook for kitchen testing "ansible-mysql-hardening" - name: wrapper playbook for kitchen testing "ansible-mysql-hardening"
hosts: all hosts: all
become: true become: true
collections:
- devsec.hardening
environment: environment:
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}" http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}" https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"


@ -8,6 +8,20 @@
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}" https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}" no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
tasks: tasks:
- name: Use Python 3 on Debian 11
set_fact:
ansible_python_interpreter: /usr/bin/python3
when:
- ansible_distribution == 'Debian'
- ansible_distribution_major_version|int >= 11
- name: Use Python 2 on Debian 10
set_fact:
ansible_python_interpreter: /usr/bin/python
when:
- ansible_distribution == 'Debian'
- ansible_distribution_major_version|int == 10
- name: Run the equivalent of "apt-get update && apt-get upgrade" - name: Run the equivalent of "apt-get update && apt-get upgrade"
apt: apt:
name: "*" name: "*"
@ -42,6 +56,7 @@
- ansible_distribution != "Ubuntu" - ansible_distribution != "Ubuntu"
- ansible_distribution_major_version|int < 20 - ansible_distribution_major_version|int < 20
- include_role: - include_role:
name: dev-sec.mysql name: dev-sec.mysql
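Review bot: The added `Use Python 2 on Debian 10` task pins the interpreter to `/usr/bin/python`, which is end-of-life Python 2, and nothing in the section records why Python 3 cannot be used on that host. If the MySQL modules on buster require it (an assumption, not visible here), say so above the task, e.g. `# Debian 10: <reason Python 2 is required>; remove together with debian10 in the test matrix`. The two tasks could also be a single `set_fact` keyed on the major version. Note that `ansible_distribution_major_version|int >= 11` evaluates the left side to 0 when the fact is a non-numeric string, so on such a host neither task would fire. The `tasks:` list starts before and continues after both hunks.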


@ -18,6 +18,7 @@ galaxy_info:
versions: versions:
- stretch - stretch
- buster - buster
- bullseye
galaxy_tags: galaxy_tags:
- system - system
- security - security


@ -18,6 +18,7 @@ galaxy_info:
versions: versions:
- stretch - stretch
- buster - buster
- bullseye
- name: Amazon - name: Amazon
- name: Fedora - name: Fedora
- name: Archlinux - name: Archlinux