Commit graph

1521 commits

Author SHA1 Message Date
Sebastian Gumprich
02c689eaa0 fix loop for home_directories
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-22 11:18:51 +01:00
Sebastian Gumprich
bf82736787 Update roles/os_hardening/tasks/user_accounts.yml
Co-authored-by: schurzi <Martin.Schurz@t-systems.com>
2021-03-22 11:18:51 +01:00
Sebastian Gumprich
c86bdcb4c7 linting
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-22 11:18:51 +01:00
Sebastian Gumprich
b5ca78a9cd chmod /home directories to 0700
This is based on https://github.com/dev-sec/ansible-collection-hardening/pull/277
and updated to work with the new collection.

Thanks to @aardbol for this initial implementation!

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-22 11:18:51 +01:00
dev-sec CI
36bc71fe51 update changelog 2021-03-21 12:20:51 +00:00
schurzi
876cdab430
Merge pull request #429 from dev-sec/proxy
add support for using a proxy to test with molecule
2021-03-21 13:18:03 +01:00
Sebastian Gumprich
6c805f6ca9 add support for using a proxy to test with molecule
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-19 15:52:19 +01:00
Sebastian Gumprich
8cb6732882 add support for using a proxy to test with molecule
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-19 15:45:06 +01:00
dev-sec CI
9614273653 update changelog 2021-03-16 14:52:14 +00:00
schurzi
a64838272c
Merge pull request #418 from joubbi/documentation2
Improve Documentation for sysctl defaults
2021-03-16 15:49:55 +01:00
dev-sec CI
2076990d5d update galaxy.yml with new version 2021-03-16 10:40:04 +00:00
dev-sec CI
3da5b759a2 update changelog 2021-03-16 10:28:41 +00:00
schurzi
8706246309
Merge pull request #421 from schurzi/imprel
Improve Release Action
2021-03-16 11:26:21 +01:00
Martin Schurz
cd4925d411 checkout master between
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-16 11:07:21 +01:00
Martin Schurz
d1b8e7d7a3 update paths
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-16 11:00:40 +01:00
Martin Schurz
19d5a17a99 remove second call to changelog generator
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-16 10:56:17 +01:00
dev-sec CI
5cc8b2f42a update changelog 2021-03-16 09:26:22 +00:00
schurzi
976f83e88b
Merge pull request #420 from dev-sec/fqcn_docs
remove FQCN from roles in examples
2021-03-16 10:14:03 +01:00
dev-sec CI
6c870aae27 update changelog 2021-03-15 23:12:58 +00:00
schurzi
74c729404b
Merge pull request #392 from dev-sec/tally
restructure PAM handling and update for currently supported Linux distributions
2021-03-16 00:10:36 +01:00
Martin Schurz
b2dd73d27e remove unneeded tasks
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-15 23:53:40 +01:00
Martin Schurz
ec9d7d2cb8 cleanup and typos
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-15 23:39:12 +01:00
Farid Joubbi
97c55d6e55 Documented rationale for sysctl values set.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-15 14:01:19 +01:00
Martin Schurz
5f97dffddf Merge branch 'master' into tally
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-11 19:26:37 +01:00
dev-sec CI
eeedaeaffb update changelog 2021-03-11 16:46:51 +00:00
schurzi
0b945536e2
Merge pull request #405 from joubbi/crontab
Ensure permissions on cron files and directories are configured
2021-03-11 17:44:26 +01:00
schurzi
103135ce9a fix task naming
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-11 17:21:32 +01:00
Farid Joubbi
4158e0bfb4 Created a list of files/dirs to be looped instead of two tasks per file/dir.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-11 16:54:25 +01:00
dev-sec CI
fed8bdabd7 update changelog 2021-02-25 07:00:24 +00:00
Sebastian Gumprich
f9bbdb20fe
add install instructions 2021-02-25 07:57:55 +01:00
Farid Joubbi
4bad4779cd Fixed copy-paste error by doing og-rwx instead of numerical.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-02-22 22:13:18 +01:00
Martin Schurz
75fc31b80c remove cracklib
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 19:10:45 +01:00
Martin Schurz
10841ced62 case sensitive
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 18:29:55 +01:00
Martin Schurz
335df545fb correct version
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 18:15:33 +01:00
Martin Schurz
6d2c92d4ab correct locale
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 18:14:59 +01:00
Martin Schurz
3334000b97 set locale for test
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 17:45:46 +01:00
Martin Schurz
26d84b5f84 use custom /tmp dir
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 16:46:41 +01:00
Martin Schurz
9b6f313065 move pam tests up
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 15:54:03 +01:00
Martin Schurz
23071a183c add testcases for PAM
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 15:42:13 +01:00
dev-sec CI
66009496e2 update changelog 2021-02-22 09:24:50 +00:00
Sebastian Gumprich
bbf992d9fc
Create dependabot.yml 2021-02-22 10:22:38 +01:00
Farid Joubbi
91a0d62305 Ensure permissions on /etc/crontab are configured. #375
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-02-19 23:19:00 +01:00
Farid Joubbi
60d24db460 Ensure permissions on /etc/crontab are configured. #375
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-02-19 22:40:16 +01:00
dev-sec CI
90e0ce7c6b update changelog 2021-02-17 10:37:06 +00:00
schurzi
8e4c22d8d9
remove FQCN from roles in examples (#404)
Ansible does not work with FQCN and collections specified for including
roles. It is currently expecting to only get the role name in this
context.

Verified with Ansible 2.10.5

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-17 11:34:37 +01:00
Martin Schurz
dba53718cf sssd is disabled on Amazonlinux
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-16 20:44:28 +01:00
Martin Schurz
4a5fa70507 default faillock to yes
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-16 19:31:51 +01:00
Martin Schurz
75683161a5 remove FQCN from roles in examples
Ansible does not work with FQCN and collections specified for including
roles. It is currently expecting to only get the role name in this
context.

Verified with Ansible 2.10.5

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-15 11:26:59 +01:00
dev-sec CI
2a4b98ab4a update changelog 2021-02-15 10:26:19 +00:00
schurzi
5d55d29fe2
Merge pull request #403 from wzzrd/gssapi_client_support
Extend GSSAPI configuration support to ssh_config
2021-02-15 11:23:57 +01:00