Mirrors/ansible-collection-hardening

mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-10 09:14:18 +00:00

Author	SHA1	Message	Date
Sebastian Gumprich	720d7786b5	fix typo	2022-08-22 12:39:21 +02:00
Sebastian Gumprich	84412e99c2	fix typo	2022-08-22 11:25:08 +02:00
Sebastian Gumprich	82bb46d7cc	update supported OS	2022-08-16 17:21:06 +02:00
Daya Adianto	eef8708918	Add full support for Debian 11 (#538 ) * Include Debian 11 into Molecule test suites (#527) Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * Fix Ansible Lint GitHub Action version (#527) Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * Update .gitignore Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * mysql_hardening: Use Python 3 as Ansible interpreter (#527) Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * Note Debian 11 support for os_hardening & nginx_hardening (#527) Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * Fix lint issues & Ansible Lint configuration in CI Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * Try to fix YAML lint issues, again Re-ordered YAML comments at the end of `.yamllint` file. Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> * rm debian9 from tests, add debian 11 where missing Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * fix mysql molecule tests Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id> Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com> Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>	2022-08-16 15:02:27 +02:00
schurzi	b56c801574	add basic support for ubuntu22.04 (#554 ) Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2022-08-15 13:05:09 +02:00
Martin Schurz	edda7075a2	add badge for tests Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2022-07-11 12:17:34 +02:00
Martin Schurz	18d01327eb	improve linking to legacy roles Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2022-05-04 13:44:52 +02:00
Sebastian Gumprich	72ec118a6d	add rocky linux 8 tests and make sure that all relevant tasks are execd (#457 ) * add rocky linux 8 tests and make sure that all relevant tasks are executed Signed-off-by: rndmh3ro <github@gumpri.ch> * fix missing quote Signed-off-by: rndmh3ro <github@gumpri.ch>	2021-06-30 13:09:12 +02:00
Sebastian Gumprich	f9bbdb20fe	add install instructions	2021-02-25 07:57:55 +01:00
Martin Schurz	c6114278a1	fix minimum required ansible version in docs Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2021-02-05 20:39:04 +01:00
Farid Joubbi	5675589e01	Sorted sysctl values and lists in READMEs alphabetically (No functional changes). (#371 ) * Add s's for consistency. Signed-off-by: Farid Joubbi <farid@joubbi.se> * Sort lists alphabetically. Signed-off-by: Farid Joubbi <farid@joubbi.se> * Sorted sysctl_config alphabetically. Signed-off-by: Farid Joubbi <farid@joubbi.se> * Sort removed protocols. Signed-off-by: Farid Joubbi <farid@joubbi.se> * Added dots in variable descriptions for the sake of consistency. Signed-off-by: Farid Joubbi <farid@joubbi.se> * Added dots in variable descriptions for the sake of consistency. Signed-off-by: Farid Joubbi <farid@joubbi.se>	2021-01-08 20:45:50 +01:00
Sebastian Gumprich	faffddbf31	add a runtime.yml to declare minimum ansible version (#363 ) * add a runtime.yml to declare minimum ansible version Signed-off-by: Sebastian Gumprich <github@gumpri.ch> * add minimum ansible version to reamde Signed-off-by: Sebastian Gumprich <github@gumpri.ch> * Prettified Code!	2020-12-26 21:27:19 +01:00
Sebastian Gumprich	cade17ec30	fix typo	2020-11-11 21:54:31 +01:00
Sebastian Gumprich	6b03886b4b	update readme to point to old role Signed-off-by: Sebastian Gumprich <github@gumpri.ch>	2020-11-11 20:44:35 +01:00
rndmh3ro	c94d973527	Prettified Code!	2020-11-08 10:20:25 +00:00
Sebastian Gumprich	ac3c12d264	move to collections	2020-11-07 21:19:43 +01:00
alegrey91	a8e349913d	Mount proc filesystem using hidepid option (#283 ) * Added task to mount proc fs using hidepid option Signed-off-by: alessio <ale_grey_91@hotmail.it> Signed-off-by: alegrey91 <ale_grey_91@hotmail.it> Signed-off-by: alessio <ale_grey_91@hotmail.it> * Removed mount shell command due to ci problem Signed-off-by: alegrey91 <ale_grey_91@hotmail.it> Signed-off-by: alessio <ale_grey_91@hotmail.it> * Added task to create mount point before to add fstab entry Signed-off-by: alegrey91 <ale_grey_91@hotmail.it> Signed-off-by: alessio <ale_grey_91@hotmail.it> * Added check to ensure fstab exist Signed-off-by: alegrey91 <ale_grey_91@hotmail.it> Signed-off-by: alessio <ale_grey_91@hotmail.it> * Modified task title Signed-off-by: alegrey91 <ale_grey_91@hotmail.it> Signed-off-by: alessio <ale_grey_91@hotmail.it> * Fixed typo Signed-off-by: alegrey91 <ale_grey_91@hotmail.it> Signed-off-by: alessio <ale_grey_91@hotmail.it> * Fixed typo Signed-off-by: alegrey91 <ale_grey_91@hotmail.it> Signed-off-by: alessio <ale_grey_91@hotmail.it> * Fixed wrong indented lines Signed-off-by: alegrey91 <ale_grey_91@hotmail.it> Signed-off-by: alessio <ale_grey_91@hotmail.it> * Removed useless tasks and improved variables use Signed-off-by: alessio <ale_grey_91@hotmail.it> * removed ansible test tag Signed-off-by: alessio <ale_grey_91@hotmail.it> * removed trailing whitespace Signed-off-by: alessio <ale_grey_91@hotmail.it> * updated documentation Signed-off-by: alessio <ale_grey_91@hotmail.it> * fixed typo Signed-off-by: alessio <ale_grey_91@hotmail.it> * Update README.md * Update vars/main.yml Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>	2020-07-21 22:35:50 +02:00
Sebastian Gumprich	990f95807f	remove mention of gitter	2020-07-12 09:16:22 +02:00
Sebastian Gumprich	365d7389c7	add selinux options to the readme	2020-05-05 21:28:26 +02:00
Jared Ledvina	908d1faab7	Add kernel parameter information to README (#259 ) * Add kernel parameter information to README Add initial documentation around configuring audit=1 to reduce the inaccuracies in the auditd logs. Closes https://github.com/dev-sec/ansible-os-hardening/issues/253 Signed-off-by: Jared Ledvina <jared@techsmix.net> * Cleanup spellinng Signed-off-by: Jared Ledvina <jared@techsmix.net>	2020-01-25 17:08:00 +01:00
Jan Dittberner	ce6af914c8	Make max_log_file_action for auditd configurable (#246 ) * Make max_log_file_action for auditd configurable This commit allows to configure the max_log_file_action auf auditd to avoid filling small /var/log partitions for systems that create many audit log entries. Or run for a long period of time. Signed-off-by: Jan Dittberner <jan.dittberner@t-systems.com> * Add os_auditd_max_log_file_action to README Signed-off-by: Jan Dittberner <jan.dittberner@t-systems.com>	2019-11-07 16:19:42 +01:00
Jared Ledvina	03faef5a75	Update location of NSA RHEL 5 Guide closes https://github.com/dev-sec/ansible-os-hardening/issues/227 Updates the URL to the NSA Guide to the Secure Configuration of Red Hat Enterprise Linux 5 (version 4.2) Signed-off-by: Jared Ledvina <jared@techsmix.net>	2019-10-06 00:45:47 -04:00
Sebastian Gumprich	2b037fc1d9	add install instructions to readme	2019-04-29 16:48:52 +02:00
Chris McKee	9108a83a03	Add note about docker under warning Signed-off-by: Chris McKee <pcdevils@gmail.com>	2019-03-29 01:44:23 +00:00
Ruslan Baratov	8e891f2575	Fix typo Signed-off-by: Ruslan Baratov <ruslan_baratov@yahoo.com>	2019-03-19 19:28:59 +03:00
pmav99	f5ae581d71	[readme] Update documentation link The old link was no longer valid	2019-01-17 17:06:32 +02:00
John Szivós	df13320c73	ensure that permissions to su-binary are not restricted to root user and group only, if os_security_users_allow contains the value change_user	2018-10-11 20:38:02 +02:00
Sebastian Gumprich	67f16f166c	add option to disable auditd	2018-09-16 20:56:48 +02:00
Sebastian Gumprich	e439904fd0	update minimum ansible version	2018-08-01 21:08:16 +02:00
Tom Carchrae	b215e4f6ba	comment is wrong/misleading	2018-06-08 08:27:32 -07:00
Sebastian Gumprich	60c26e3b47	Update README.md	2018-04-29 12:48:21 +02:00
Sebastian Gumprich	a002e5e6c9	Update README.md	2018-04-29 12:46:52 +02:00
Sebastian Gumprich	a4e383795f	Update README.md	2018-04-09 21:31:44 +02:00
Sebastian Gumprich	1159eb5f00	Update README.md	2018-03-15 15:59:42 +01:00
Sebastian Gumprich	79aaab36b6	Update README.md	2018-03-15 15:59:21 +01:00
Sebastian Gumprich	aa0036a1c1	Update README.md	2018-03-14 17:19:26 +01:00
Thomas Fan	15b0c1726e	Update syntax to 2.4	2018-01-23 14:55:36 -05:00
Sebastian Gumprich	19b8788a39	remove unused parameter from readme	2018-01-03 10:43:13 +01:00
Sebastian Gumprich	a1727e24e4	Merge pull request #139 from dev-sec/fix_124 update readme	2017-12-23 15:35:34 +01:00
Manuel Prinz	d429d53c60	Prevent disabling of filesystems via whitelist	2017-11-01 14:10:15 +01:00
Sebastian Gumprich	62d20e299f	install modprobe package, check for modprobe use apt and yum instead of package Revert "use apt and yum instead of package" This reverts commit 215a97b1867a7a8af5e0e64e9f77181d4c4a5050. use latest to install kmod run apt-get update	2017-08-07 14:56:42 +02:00
Sebastian Gumprich	0fa457d967	update readme	2017-08-06 15:48:51 +02:00
Sebastian Gumprich	a1a1371a83	update readme	2017-08-05 21:58:29 +02:00
Sebastian Gumprich	6d21d249b9	Merge pull request #120 from dev-sec/combined_sysctl add more sysctl settings, allow overwriting	2017-06-27 20:59:04 +02:00
Sebastian Gumprich	0b8e42c5c6	remove 12.04 support	2017-06-27 15:03:22 +02:00
Sebastian Gumprich	7bbd479a9a	Update README.md	2017-05-28 18:31:10 +02:00
Sebastian Gumprich	5c48c74f79	add more sysctl settings, allow overwriting	2017-05-07 15:12:31 +02:00
Sebastian Gumprich	dfc505634b	update min ansible version	2017-02-28 21:34:35 +01:00
Sebastian Gumprich	a8f8cd083a	Update README.md	2017-01-09 07:24:57 +01:00
Sebastian Gumprich	accdeecde4	Local testing with Docker This PR changes the local testing method to docker by default, making the tests significantly faster to execute.	2016-06-28 18:32:33 +02:00

1 2

63 commits