Sebastian Gumprich
19b8788a39
remove unused parameter from readme
2018-01-03 10:43:13 +01:00
Sebastian Gumprich
f13c1ed47b
update vagrnat boxes
2018-01-03 10:43:13 +01:00
Sebastian Gumprich
ac420b8edd
add martian sysctl parameter
2018-01-03 10:43:13 +01:00
Patrick Münch
0741b75aaa
Merge pull request #157 from dev-sec/defaults
...
move defaults to os-specific vars
2018-01-03 10:28:19 +01:00
Sebastian Gumprich
6d81e33515
move defaults to os-specific vars
2018-01-02 18:53:49 +01:00
Sebastian Gumprich
9a5e6f7f1c
temporary remove oracle7 from travis
2018-01-02 18:53:23 +01:00
Sebastian Gumprich
c310e15d14
Merge pull request #146 from martinbydefault/master
...
Removal of core dump hardening configuration if core dumps are allowed
2017-12-23 18:34:26 +01:00
Sebastian Gumprich
24fd32ba84
Merge pull request #150 from kravietz/master
...
Add kernel hardening settings from Ubuntu /etc/sysctl.d
2017-12-23 15:46:11 +01:00
Sebastian Gumprich
a1727e24e4
Merge pull request #139 from dev-sec/fix_124
...
update readme
2017-12-23 15:35:34 +01:00
Sebastian Gumprich
ac50457d39
Merge pull request #153 from pinguinkiste/fs-whitelist
...
Prevent disabling of filesystems via whitelist
2017-12-23 15:24:22 +01:00
Sebastian Gumprich
743d2c871e
Merge pull request #156 from oakey-b1/oakey-b1-patch-1
...
Don't create home for system accounts
2017-12-07 19:16:44 +01:00
Neal Thomas Oakey
e6f534c380
Don't create home for system accounts
...
Fixes users `irc` and `systemd-resolve` being changed after reboot,
as their home directory is in `/run`.
Won't create `/home/{syslog,ntp}` any longer (Ubuntu).
2017-12-06 12:30:47 +01:00
Manuel Prinz
d429d53c60
Prevent disabling of filesystems via whitelist
2017-11-01 14:10:15 +01:00
Artem Sidorenko
bf6cb73cd5
Merge pull request #152 from dev-sec/fix_ufw_151
...
replace single ticks with double ticks. fix #151
2017-10-29 00:56:25 +02:00
Sebastian Gumprich
deec0be0a6
replace single ticks with double ticks. fix #151
2017-10-27 20:17:55 +02:00
Pawel Krawczyk (qubes)
6329e433be
add kernel hardening settings from Ubuntu /etc/sysctl.d
2017-10-24 13:41:41 +01:00
Sebastian Gumprich
0ddb26a7f7
Merge pull request #149 from martinbydefault/patch-1
...
fixed tag
2017-10-20 18:21:56 +02:00
martinbydefault
903c1d26dc
fixed tag
2017-10-19 11:26:21 -03:00
martinbydefault
9eb45506aa
added quotes to wildcard and fixed indentation
2017-10-04 02:02:50 -03:00
Martin
54a1b4488d
Removal of core dump hardening configuration if core dumps are allowed
2017-10-04 01:20:03 -03:00
Sebastian Gumprich
3cb86a6202
update changelog
2017-09-13 18:02:21 +02:00
Sebastian Gumprich
49d380f00c
Merge pull request #138 from dev-sec/modprobe
...
add modprobe template, control os-10
2017-08-08 08:32:47 +02:00
Sebastian Gumprich
31d7dbeef4
move variable to right file
2017-08-07 22:12:48 +02:00
Sebastian Gumprich
cfda4f79ac
Update RedHat-6.yml
2017-08-07 22:11:33 +02:00
Sebastian Gumprich
d33b8f1c40
fix typo
2017-08-07 22:08:03 +02:00
Sebastian Gumprich
637890223e
Merge branch 'master' into modprobe
2017-08-07 22:01:38 +02:00
Sebastian Gumprich
fde065d31b
rebasing
2017-08-07 21:57:46 +02:00
Sebastian Gumprich
8f7c7ba84c
install modprobe package,
...
check for modprobe
use apt and yum instead of package
Revert "use apt and yum instead of package"
This reverts commit 215a97b1867a7a8af5e0e64e9f77181d4c4a5050.
use latest to install kmod
run apt-get update
2017-08-07 21:56:08 +02:00
Sebastian Gumprich
db517e9539
change vars file loading
2017-08-07 21:55:30 +02:00
Lukas Erlacher
3ccb3eb8de
Remove rsync from package blacklist
...
rsync was erroneously added to `os_security_packages_list` variable,
meaning it was uninstalled as a "package with known issues".
Fixes #141
2017-08-07 21:55:30 +02:00
Sebastian Gumprich
e1395fb2f2
Update minimize_access.yml
2017-08-07 21:55:30 +02:00
Sebastian Gumprich
e879831819
add passwd vars
2017-08-07 21:55:30 +02:00
Sebastian Gumprich
41feffdc17
add kitchen to os_ignore_user to fix #124
2017-08-07 21:53:56 +02:00
Sebastian Gumprich
ef1c718ba7
remove execshield on rhel7
2017-08-07 21:53:56 +02:00
Sebastian Gumprich
de6653d9bb
add shadow task
2017-08-07 21:53:37 +02:00
Sebastian Gumprich
9fa496f91d
Merge pull request #119 from dev-sec/exec_shield
...
remove execshield sysctl-parameter on rhel7
2017-08-07 21:46:42 +02:00
Sebastian Gumprich
1303e0c7fe
change vars file loading
2017-08-07 21:27:20 +02:00
Sebastian Gumprich
653c5cbf79
Merge branch 'master' into exec_shield
2017-08-07 19:33:50 +02:00
Sebastian Gumprich
02a475a465
Merge pull request #142 from duk3luk3/fix/no-blacklist-rsync
...
Remove rsync from package blacklist
2017-08-07 18:51:30 +02:00
Sebastian Gumprich
e01a478858
remove useless check
2017-08-07 18:48:34 +02:00
Lukas Erlacher
066f423aae
Remove rsync from package blacklist
...
rsync was erroneously added to `os_security_packages_list` variable,
meaning it was uninstalled as a "package with known issues".
Fixes #141
2017-08-07 23:21:51 +10:00
Sebastian Gumprich
cf3bbb3dd4
add conditional check
2017-08-07 15:08:12 +02:00
Sebastian Gumprich
62d20e299f
install modprobe package,
...
check for modprobe
use apt and yum instead of package
Revert "use apt and yum instead of package"
This reverts commit 215a97b1867a7a8af5e0e64e9f77181d4c4a5050.
use latest to install kmod
run apt-get update
2017-08-07 14:56:42 +02:00
Sebastian Gumprich
a88ff85ec0
Merge pull request #136 from dev-sec/passwd
...
add passwd task, control os-03
2017-08-07 13:08:50 +02:00
Sebastian Gumprich
8bbd6f0f52
Update minimize_access.yml
2017-08-06 22:12:26 +02:00
Sebastian Gumprich
77fae2a742
add passwd vars
2017-08-06 21:37:26 +02:00
Sebastian Gumprich
3d59e80910
Merge branch 'master' of github.com:dev-sec/ansible-os-hardening into passwd
2017-08-06 20:39:52 +02:00
Sebastian Gumprich
0fa457d967
update readme
2017-08-06 15:48:51 +02:00
Sebastian Gumprich
846e0c23b3
add kitchen to os_ignore_user to fix #124
2017-08-06 15:43:55 +02:00
Sebastian Gumprich
b737463b95
remove execshield on rhel7
2017-08-06 14:56:08 +02:00