Commit graph

200 commits

Author SHA1 Message Date
Sebastian Gumprich
a1425befeb Separate system-vars from editable vars. Fix #34 2015-07-27 20:47:23 +00:00
Sebastian Gumprich
daf8e4c45b Add documentation for testing, change value in vars 2015-07-18 20:57:58 +00:00
Sebastian Gumprich
b3af021cd9 Create limits.d-directory if it does not exist.
See [here](https://github.com/hardening-io/chef-os-hardening/issues/84).
2015-07-13 18:18:13 +00:00
Sebastian Gumprich
dab153eb56 INITIAL 2015-07-02 18:32:22 +00:00
Christoph Hartmann
75dbf1cae6 Merge pull request #30 from hardening-io/CL_RM_TODO
Update readme, todo, changelog, vars
2015-06-24 06:40:28 -07:00
Sebastian Gumprich
348fb1cc53 Change var to true to remove pkgs by default 2015-06-24 10:21:13 +00:00
Sebastian Gumprich
5e1e2513c5 Update readme, todo, changelog, vars
* This commit updates the readme in several ways.
* It adds a todo-list and a changelog.
* It deletes unused variables
2015-06-23 23:58:40 +02:00
Sebastian Gumprich
c8d9ac84ef Add module configuration 2015-06-23 23:58:12 +02:00
Christoph Hartmann
ac4754ff16 Merge pull request #29 from hardening-io/suid_fix
List-cleanup and follow symlinks added
2015-06-23 14:57:25 -07:00
Sebastian Gumprich
f6cf4fcdf5 Fix another sysctl-setting due to new tests 2015-06-23 23:51:18 +02:00
Sebastian Gumprich
8ba37823f9 Fix two sysctl-settings 2015-06-23 23:51:18 +02:00
Sebastian Gumprich
88f4f17786 Added condition to suid/sgid-execution 2015-06-23 17:49:37 +00:00
Sebastian Gumprich
46b50769aa List-cleanup and follow symlinks added
- This change alters the black- and white-listed list for
suid/sgid-management to be a proper yaml-formatted list.

- Furthermore "follow symlinks" was added to the tasks
that remove suid/sgid because otherwise the suid/sgid
from the link-targets would not be removed.
2015-06-23 11:01:00 +00:00
Christoph Hartmann
10267eb509 Merge pull request #23 from hardening-io/remove_authconfig
Delete authconfig-task on rhel-systems
2015-06-20 02:01:39 -07:00
Sebastian Gumprich
a345da0023 Delete authconfig-task on rhel-systems
The authconfig-task overrides changes we later do on files, so this
task is not necessary and causes some tasks to always change files
2015-06-19 11:51:23 +02:00
Sebastian Gumprich
e4c6436163 Add missing rhosts-include task 2015-06-19 11:51:09 +02:00
Christoph Hartmann
71c7042163 Merge pull request #24 from hardening-io/result_override
Use changed_when to avoid changed tasks
2015-06-19 02:48:08 -07:00
Sebastian Gumprich
1005cc133a Add ignore-vars. Change nologin-shell dep. on OS 2015-06-18 18:14:08 +00:00
Sebastian Gumprich
f82e7684c6 Added option to disable system accounts 2015-06-18 18:14:08 +00:00
Sebastian Gumprich
6f910c28d8 Use changed_when to avoid changed tasks
When a shell or command task, that only fetches data, gets executed,
the task will be marked as change, even though nothing changed.
This commit changes the behaviour of tasks that only fetch data.
For more info see here:
http://docs.ansible.com/playbooks_error_handling.html#overriding-the-changed-result
2015-06-18 13:42:29 +00:00
Sebastian Gumprich
531a051ef9 Skip sysctl-tasks in travis-environment 2015-06-17 12:11:59 +02:00
Sebastian Gumprich
e70974ba16 Add os_security_kernel_enable_module_loading 2015-06-08 17:25:50 +00:00
Sebastian Gumprich
81c171a55a Change sysctl-task. Fix #18 2015-06-06 18:35:09 +00:00
Christoph Hartmann
645240998d Merge pull request #16 from hardening-io/cnd_ip_fwd
Add conditions for various tasks. Fix #15
2015-06-03 12:35:43 -07:00
Sebastian Gumprich
7c121b7e2b Add missing condition 2015-06-01 21:46:05 +00:00
Sebastian Gumprich
255948feb3 Add conditions for various tasks. Fix #15 2015-06-01 20:33:35 +00:00
Sebastian Gumprich
fb59fab08f Remove duplicate whitelist-check 2015-06-01 19:36:37 +00:00
Sebastian Gumprich
544779e26a Add remove suid/sgid function 2015-06-01 14:50:22 +02:00
Sebastian Gumprich
e6f2253c49 replace sed with replace-module 2015-06-01 14:28:18 +02:00
Sebastian Gumprich
c9252b167f add gpgcheck rhnplugin.conf, consolidate task 2015-06-01 14:28:18 +02:00
Sebastian Gumprich
66e258da7e Add task to remove unused repos and pkgs 2015-06-01 14:28:17 +02:00
Sebastian Gumprich
95bb02edbe Make tasks clearer 2015-06-01 14:23:13 +02:00
Sebastian Gumprich
1782dbf3fa ignore RAs on Ipv6
See: https://github.com/hardening-io/puppet-os-hardening/blob/master/manifests/sysctl.pp#L66-L68
2015-06-01 10:59:37 +02:00
Sebastian Gumprich
3dce747cd6 Revert "ignore RAs on Ipv6"
This reverts commit a91cbe0192.
2015-05-28 18:47:18 +00:00
Sebastian Gumprich
a91cbe0192 ignore RAs on Ipv6
Taken from here:
https://github.com/hardening-io/puppet-os-hardening/blob/master/manifests/sysctl.pp#L66-L68
2015-05-28 18:43:52 +00:00
Sebastian Gumprich
a305b94230 Add separated files 2015-05-26 19:53:55 +00:00
Sebastian Gumprich
79ca60bfa1 Separate tasks into multiple smaller files 2015-05-26 19:53:16 +00:00
Sebastian Gumprich
557109e35a Separate the tasks into smaller files 2015-05-26 19:45:30 +00:00
Christoph Hartmann
01572d9041 Merge pull request #5 from hardening-io/yum
Enable gpg-check on all yum-repositories
2015-05-20 12:17:54 -07:00
Sebastian Gumprich
c2884687c8 Change tasks to use sed instead of lineinfile 2015-05-20 21:07:30 +00:00
Sebastian Gumprich
82fea53ba7 Enable gpg-check on all yum-repositories 2015-05-19 21:01:32 +00:00
Dominik Richter
226c2761f8 treat securetty config as an array 2015-05-11 23:06:34 +02:00
Sebastian Gumprich
e097f02065 Add profile.conf configuration 2015-05-11 23:00:08 +02:00
Sebastian Gumprich
ef2ce77f53 Add securetty-template 2015-05-10 21:44:17 +00:00
Sebastian Gumprich
b78345fe0c Add securetty-support 2015-05-10 21:43:26 +00:00
Sebastian Gumprich
b9cc7bf9d8 Further improvements, first push 2015-05-10 18:33:37 +00:00
Sebastian Gumprich
06d1464e95 Initial 2015-05-04 21:37:22 +00:00
Sebastian Gumprich
ef275a4e85 Add handler to restart ssh only if necessary. Fix #6 2015-04-28 16:47:12 +00:00
Sebastian Gumprich
45eb0e2f38 Oracle support
- Add check for Oracle operating systems

- Add minus sign to remove whitespace
2015-04-27 21:14:50 +00:00
Sebastian Gumprich
bb703c962a INITIAL 2015-04-23 18:30:41 +00:00