* add additional check for efi
some systems seem to require vfat because of efi, despite not exposing a
/sys/firmware/efi directory.
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* make linter happy
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* rework check to check for all used filesystems
so we don't break existing mounts with our configuration
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* do not check this on el6
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* add comment to clarify
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* fix problem with package_facts on SuSE
SuSE Linux does not work with ansible module package_facts, so we need to
exclude this task there.
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* fix local docker tests for all distributions
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* fix local vagrant tests for all distributions
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* simplify travis tests
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* fix opensuse in travis
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* add fixes for suse
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* add special case for suse docker
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* Add proper ansible_managed header in each template
Signed-off-by: Andre Lehmann <aisberg@posteo.de>
* Use consistent indentation
All tabs were converted into spaces and all values were properly aligned, making
the file easier to read.
Signed-off-by: Andre Lehmann <aisberg@posteo.de>
* Make useradd defaults inside login.defs dependent on OS family
Signed-off-by: Andre Lehmann <aisberg@posteo.de>
* Remove duplicate key
Signed-off-by: Andre Lehmann <aisberg@posteo.de>
* Replace tab with space
Signed-off-by: Andre Lehmann <aisberg@posteo.de>
* Remove trailing space
ansible-lint marks my build red due to this `¯\_(ツ)_/¯`
Signed-off-by: Pawel Krawczyk <pawel.krawczyk@hush.com>
* add ansible-lint (#262)
* Update .travis.yml
Signed-off-by: Pawel Krawczyk <pawel.krawczyk@hush.com>
* Add kernel hardening parameters from Tails and CIS Benchmark
Signed-off-by: Pawel Krawczyk <pawel.krawczyk@hush.com>
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
- Added logic to pull uid_min from login.defs when it returns an
integer value greater than 0.
- Add logic so that Debian systems inherit uid_max=999 when
a uid_max was not found in login.defs.
- Add logic so that all other systems inherit uid_max=499 only
when the value was not already found in login.defs or set for
Debian systems.
Signed-off-by: Lesley Kimmel <lesley.j.kimmel@gmail.com>
* Add kernel parameter information to README
Add initial documentation around configuring audit=1 to reduce the inaccuracies in the auditd logs.
Closes https://github.com/dev-sec/ansible-os-hardening/issues/253
Signed-off-by: Jared Ledvina <jared@techsmix.net>
* Cleanup spelling
Signed-off-by: Jared Ledvina <jared@techsmix.net>