Add full support for Debian 11 (#538)
* Include Debian 11 into Molecule test suites (#527) Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * Fix Ansible Lint GitHub Action version (#527) Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * Update .gitignore Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * mysql_hardening: Use Python 3 as Ansible interpreter (#527) Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * Note Debian 11 support for os_hardening & nginx_hardening (#527) Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * Fix lint issues & Ansible Lint configuration in CI Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * Try to fix YAML lint issues, again Re-ordered YAML comments at the end of `.yamllint` file. Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * rm debian9 from tests, add debian 11 where missing Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * fix mysql molecule tests Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com> Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
parent
ebe43504a2
commit
eef8708918
13 changed files with 27 additions and 7 deletions
1
.github/workflows/ansible-lint.yml
vendored
|
@ -5,7 +5,6 @@ on: [push, pull_request] # yamllint disable-line rule:truthy
|
|||
|
||||
jobs:
|
||||
ansible-lint:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
|
|
2
.github/workflows/mysql_hardening.yml
vendored
|
@ -27,8 +27,8 @@ jobs:
|
|||
- ubuntu1804
|
||||
- ubuntu2004
|
||||
- ubuntu2204
|
||||
- debian9
|
||||
- debian10
|
||||
- debian11
|
||||
# - amazon # geerlingguy.mysql does not support fedora
|
||||
# - arch # needs to be fixed
|
||||
# - opensuse_tumbleweed # needs to be fixed
|
||||
|
|
2
.github/workflows/nginx_hardening.yml
vendored
|
@ -27,8 +27,8 @@ jobs:
|
|||
- ubuntu1804
|
||||
- ubuntu2004
|
||||
- ubuntu2204
|
||||
- debian9
|
||||
- debian10
|
||||
- debian11
|
||||
- amazon
|
||||
# - arch # needs to be fixed
|
||||
# - opensuse_tumbleweed # needs to be fixed
|
||||
|
|
2
.github/workflows/os_hardening.yml
vendored
|
@ -27,8 +27,8 @@ jobs:
|
|||
- ubuntu1804
|
||||
- ubuntu2004
|
||||
- ubuntu2204
|
||||
- debian9
|
||||
- debian10
|
||||
- debian11
|
||||
- amazon
|
||||
- opensuse_tumbleweed
|
||||
# - arch # needs to be fixed
|
||||
|
|
2
.github/workflows/os_hardening_vm.yml
vendored
|
@ -27,8 +27,8 @@ jobs:
|
|||
- ubuntu1804
|
||||
- ubuntu2004
|
||||
- ubuntu2204
|
||||
- debian9
|
||||
- debian10
|
||||
- debian11
|
||||
# - opensuse42 # opensuse currently cannot get an ip address
|
||||
# - arch - arch is currently not supported by cinc-auditor
|
||||
steps:
|
||||
|
|
2
.github/workflows/ssh_hardening.yml
vendored
|
@ -28,8 +28,8 @@ jobs:
|
|||
- ubuntu1804
|
||||
- ubuntu2004
|
||||
- ubuntu2204
|
||||
- debian9
|
||||
- debian10
|
||||
- debian11
|
||||
- amazon
|
||||
# - arch # needs to be fixed
|
||||
# - opensuse_tumbleweed # baseline is not compatible with suse
|
||||
|
|
|
@ -28,8 +28,8 @@ jobs:
|
|||
- ubuntu1804
|
||||
- ubuntu2004
|
||||
- ubuntu2204
|
||||
- debian9
|
||||
- debian10
|
||||
- debian11
|
||||
- amazon
|
||||
# - arch # needs to be fixed
|
||||
# - opensuse_tumbleweed # baseline is not compatible with suse
|
||||
|
|
1
.gitignore
vendored
|
@ -1,3 +1,4 @@
|
|||
.kitchen
|
||||
hosts
|
||||
Gemfile.lock
|
||||
.venv
|
|
@ -14,6 +14,7 @@ This collection provides battle tested hardening for:
|
|||
- CentOS 7/8
|
||||
- Rocky Linux 8
|
||||
- Debian 9/10
|
||||
- Debian 11 (some roles supported)
|
||||
- Ubuntu 16.04/18.04/20.04/22.04
|
||||
- Amazon Linux (some roles supported)
|
||||
- Arch Linux (some roles supported)
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
- name: wrapper playbook for kitchen testing "ansible-mysql-hardening"
|
||||
hosts: all
|
||||
become: true
|
||||
collections:
|
||||
- devsec.hardening
|
||||
environment:
|
||||
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
|
||||
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
|
||||
|
|
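Review bot: `lookup('env', 'http_proxy') | default(omit)` in the `environment:` block never reaches `omit`, because the env lookup returns an empty string rather than an undefined value when the variable is unset, so the play exports empty proxy variables. Passing the second argument makes the filter treat an empty string as missing: `http_proxy: "{{ lookup('env', 'http_proxy') | default(omit, true) }}"`, and likewise for `https_proxy`. These lines look like unchanged context in this hunk, and the same pattern (including `no_proxy`) appears in the next playbook hunk. The play continues outside the hunk.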
|
@ -8,6 +8,20 @@
|
|||
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
|
||||
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
|
||||
tasks:
|
||||
- name: Use Python 3 on Debian 11
|
||||
set_fact:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
when:
|
||||
- ansible_distribution == 'Debian'
|
||||
- ansible_distribution_major_version|int >= 11
|
||||
|
||||
- name: Use Python 2 on Debian 10
|
||||
set_fact:
|
||||
ansible_python_interpreter: /usr/bin/python
|
||||
when:
|
||||
- ansible_distribution == 'Debian'
|
||||
- ansible_distribution_major_version|int == 10
|
||||
|
||||
- name: Run the equivalent of "apt-get update && apt-get upgrade"
|
||||
apt:
|
||||
name: "*"
|
||||
|
@ -42,6 +56,7 @@
|
|||
- ansible_distribution != "Ubuntu"
|
||||
- ansible_distribution_major_version|int < 20
|
||||
|
||||
|
||||
- include_role:
|
||||
name: dev-sec.mysql
|
||||
|
||||
|
|
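Review bot: The two `set_fact` tasks pin `ansible_python_interpreter` per Debian release without saying why, and the Debian 10 branch selects `/usr/bin/python`, which the task name itself identifies as Python 2. A comment above that task should record what still needs Python 2 there, e.g. `# Debian 10: <dependency that requires Python 2 — confirm>`, so the pin can be removed once that reason is gone. If nothing in the test run depends on it, a single task setting `/usr/bin/python3` with `ansible_distribution_major_version | int >= 10` would keep the hardening tests on a maintained interpreter. The `tasks:` list continues outside the hunk.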
|
@ -18,6 +18,7 @@ galaxy_info:
|
|||
versions:
|
||||
- stretch
|
||||
- buster
|
||||
- bullseye
|
||||
galaxy_tags:
|
||||
- system
|
||||
- security
|
||||
|
|
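Review bot: `- stretch` stays in the `versions` list alongside `- bullseye`, although the commit description says debian9 was removed from the tests, and the workflow matrices on this page show `debian9` next to the new `debian11` entry. The role metadata would then advertise a Debian release that CI no longer exercises, and for a hardening role an untested platform can silently end up with controls that are not applied. Either drop `- stretch` here or keep a debian9 job; the same applies to the next metadata hunk and to the README line `Debian 9/10`. The `galaxy_info` block starts and ends outside the hunk.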
|
@ -18,6 +18,7 @@ galaxy_info:
|
|||
versions:
|
||||
- stretch
|
||||
- buster
|
||||
- bullseye
|
||||
- name: Amazon
|
||||
- name: Fedora
|
||||
- name: Archlinux
|
||||
|
|
Loading…
Reference in a new issue