dev-sec CI
0ce08455ef
update changelog
2021-05-05 19:08:21 +00:00
schurzi
66b0fa28e5
Merge pull request #446 from rndmh3ro/fixing
...
add back labels to changelog
2021-05-05 21:06:41 +02:00
rndmh3ro
07a0943c5a
Prettified Code!
2021-04-30 12:50:12 +00:00
alimli
4f42e0d396
ssh_allow_tcp_forwarding remote option added (#447)
...
Signed-off-by: Haldun ALIMLI <haldun.alimli@upandrunning.cloud>
Co-authored-by: Haldun ALIMLI <haldun.alimli@upandrunning.cloud>
2021-04-30 14:49:42 +02:00
Sebastian Gumprich
45711874e6
test release workflow with labels
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-29 07:46:06 +02:00
dev-sec CI
e9f23f0eac
update changelog
2021-04-28 08:37:30 +00:00
Iain R. Learmonth
93c489d3b2
Adds dependency on ansible.posix and community.general (#415)
...
* galaxy.yml: Adds dependency on ansible.posix (Fixes: #414)
This is required by the OS hardening role, which uses the mount module.
* add community.general dependency
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2021-04-28 10:35:46 +02:00
dev-sec CI
180acf9540
update changelog
2021-04-28 07:53:52 +00:00
Martin Neubert
0324273dce
Check for MariaDB Version when selecting users without passwords (#444)
...
* added version check for MariaDB in Query
MariaDB uses the authentication_string field since 10.4.0; added this to the version check in the query for users to delete
Signed-off-by: Martin Neubert <martin.neubert@t-systems.com>
* Update roles/mysql_hardening/tasks/mysql_secure_installation.yml
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
* Update roles/mysql_hardening/tasks/mysql_secure_installation.yml
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2021-04-28 09:52:09 +02:00
dev-sec CI
22f1802d97
update galaxy.yml with new version
2021-04-27 19:27:03 +00:00
dev-sec CI
f9945c41de
update changelog
2021-04-27 19:18:34 +00:00
Martin Neubert
284943b699
USER and HOST should be quoted (#443)
...
USER and HOST should be quoted to avoid errors in drop user statement
Signed-off-by: Martin Neubert <martin.neubert@t-systems.com>
2021-04-27 21:16:50 +02:00
Paul Seidler
b12ee4d23b
ssh: Client HostKeyAlgorithms configuration variable (#442)
...
* ssh: Client HostKeyAlgorithms configuration variable
Introduce a new variable ssh_client_host_key_algorithms to be able to configure
it for the client like for the server.
This fixes #441
Signed-off-by: Paul Seidler <705535+sepek@users.noreply.github.com>
* sshd: Adapt the ssh_host_key_algorithms description
Linking to the latest version may lead to a broken config so be a bit more
dynamic
Signed-off-by: Paul Seidler <705535+sepek@users.noreply.github.com>
2021-04-23 15:54:30 +02:00
dev-sec CI
0f30ebf753
update changelog
2021-04-09 06:17:17 +00:00
Sina Tak Tehrani
4313d6fbfb
fixed a typo in comments (#439)
...
Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>
2021-04-09 08:15:11 +02:00
dev-sec CI
45f15aa08b
update galaxy.yml with new version
2021-04-01 20:15:31 +00:00
dev-sec CI
07c2931f1d
update changelog
2021-04-01 20:07:17 +00:00
schurzi
6e24797d2f
Merge pull request #423 from dev-sec/drop_users_wo_passwords
...
add new tasks to delete mysql users without passwords
2021-04-01 22:04:59 +02:00
Sebastian Gumprich
8c89d78f44
move jmespath installation into github workflow
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 21:16:04 +02:00
Sebastian Gumprich
d6a99c995e
use fqcn for mysql tasks
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 21:16:04 +02:00
Sebastian Gumprich
5ed100b7ea
try to install jmespath on github host
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 21:16:04 +02:00
Sebastian Gumprich
c6febf3249
fix linting
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 21:16:04 +02:00
Sebastian Gumprich
7d68c6036c
use single ansible fact to delete user
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 21:16:04 +02:00
Sebastian Gumprich
d4a4faa16d
fix syntax of mysql queries
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 21:16:04 +02:00
Sebastian Gumprich
e1f0efb220
move mysql install to prepare step to create a password-less user
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 21:16:04 +02:00
Sebastian Gumprich
73cdd973d7
remove custom tests as we have inspec tests
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 21:16:04 +02:00
Sebastian Gumprich
5e7a0a60f1
fix linting
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 21:16:04 +02:00
Sebastian Gumprich
c3b954a2ab
add new tasks to delete users without passwords
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 21:16:04 +02:00
schurzi
add303f2be
Merge pull request #437 from BenjaminBoehm/bugfix/ssh-kex-sntrup-openssh8.5
...
Fix ssh kex sntrup761x25519-sha512@openssh.com for openssh >= 8.5
2021-04-01 21:13:50 +02:00
dev-sec CI
03a0f26917
update changelog
2021-04-01 19:09:51 +00:00
schurzi
fdadb78080
Merge pull request #438 from dev-sec/remove_depracted_secure-auth
...
remove secure-auth param if mysql >= 8.0.3
2021-04-01 21:07:04 +02:00
Sebastian Gumprich
2fb54bd224
remove secure-auth param if mysql => 8.0.3
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
install collection in molecule
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
remove deprecated ubuntu 16.04 from tests
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 13:20:58 +02:00
Benjamin
29ee683069
Fix ssh kex sntrup761x25519-sha512@openssh.com for openssh >= 8.5
...
fix #433
Signed-off-by: Benjamin <gitlab@lnxkiste.de>
Signed-off-by: Benjamin Boehm <git@lnxkiste.de>
2021-04-01 02:08:24 +02:00
dev-sec CI
d758fa5184
update changelog
2021-03-29 19:28:04 +00:00
schurzi
2882a15ee1
Merge pull request #427 from dev-sec/snoopotic-fix/add_auditd_restart_handler
...
add restart-auditd handler after configuration change
2021-03-29 21:15:46 +02:00
Sebastian Gumprich
458dfa2b6a
use cinc exec supermarket instead of github
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-29 16:16:03 +02:00
Sebastian Gumprich
812c6c5974
skip auditd restart in molecule tests
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-29 10:00:15 +02:00
Sebastian Gumprich
ae68f73965
skip auditd restart in molecule tests
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-29 09:29:37 +02:00
dev-sec CI
d1d12ca6d7
update changelog
2021-03-25 12:55:51 +00:00
Farid Joubbi
7af432e1cf
Uppercased first letter of task names. (#422)
...
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-25 13:52:56 +01:00
dev-sec CI
2dac5e3289
update changelog
2021-03-24 13:34:39 +00:00
Farid Joubbi
c90bbd2c23
Improved comments. (#436)
...
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-24 14:31:58 +01:00
dev-sec CI
aec1f5dcb7
update changelog
2021-03-24 06:57:54 +00:00
Farid Joubbi
d1143a06b1
Not accepting source routing for IPv6. This was already done for IPv4. (#424)
...
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-24 07:55:29 +01:00
dev-sec CI
dfa89f7b47
update changelog
2021-03-23 21:04:30 +00:00
schurzi
0f424469be
Merge pull request #432 from joubbi/authtok_type
...
os_auth_pam_pwquality_options: Changed type to authtok_type
2021-03-23 22:01:40 +01:00
Farid Joubbi
240d8acc0c
Changed os_auth_pam_pwquality_options type to authtok_type.
...
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-23 11:16:05 +01:00
dev-sec CI
5eae12005a
update galaxy.yml with new version
2021-03-23 09:09:20 +00:00
dev-sec CI
84d7bb5f5f
update changelog
2021-03-23 09:01:35 +00:00
schurzi
a45eee2204
Merge pull request #431 from joubbi/pwhistory
...
Use pam_pwhistory.so instead of pam_unix.so for remembering old passwords
2021-03-23 09:59:11 +01:00