Commit graph

284 commits

Author SHA1 Message Date
Conor Schaefer
d31bbfc457 Supports --check mode
By setting always_run=true on a few read-only tasks that are used to
register variables, we add support for dry runs of the role via the
--check flag to ansible-playbook. The role now completes without error
in dry-run mode, which is very useful when onboarding new hosts to the
role.
2016-07-15 13:37:36 -07:00
Sebastian Gumprich
accdeecde4 Local testing with Docker
This PR changes the local testing method to docker by default, making
the tests significantly faster to execute.
2016-06-28 18:32:33 +02:00
Sebastian Gumprich
c5d9770f4a change name of suite 2016-06-28 18:29:56 +02:00
Sebastian Gumprich
a6624db99d initial docker testing support 2016-06-28 18:29:30 +02:00
Sebastian Gumprich
371ed47878 Merge pull request #91 from conorsch/support-centos7
Adds support for CentOS 7
2016-06-28 18:23:42 +02:00
Sebastian Gumprich
f059577d42 Merge pull request #88 from dev-sec/debian8
debian 8 support
2016-06-28 17:47:09 +02:00
Sebastian Gumprich
cda2d58218 Merge pull request #92 from vivekagr/patch-1
Fix a formatting issue in readme.
2016-06-26 21:18:21 +02:00
Vivek Agarwal
e04ef11c05 Fix a formatting issue in readme. 2016-06-27 00:24:46 +05:30
Conor Schaefer
12053b21ae Removes sysctl_set parameter from RHEL sysctl task
It appears that the sysctl_set parameter overrides ignorerrors. Since we
fully expect `kernel.exec_shield` to be handled differently on CentOS
7+, where it is no longer configurable, let's preserve the
functionality provided by ignorerrors.
2016-06-25 22:43:41 -07:00
Conor Schaefer
ef28e7d01e Supports minimizing access on symlinked system dirs
Uses a two-pass approach that inspects all target directories, then only
operates on the true "directories," skipping the symlinks, if any. Using
the "recurse=true" parameter ensures that the suid/sgid modifications
are applied to files as well as directories.
2016-06-25 22:43:41 -07:00
Conor Schaefer
52163263a7 Adds CentOS 7.2 box to kitchen.yml 2016-06-25 22:43:41 -07:00
Sebastian Gumprich
422489f5ca update meta file 2016-06-24 17:42:48 +02:00
Sebastian Gumprich
0999b7b1cf update meta file 2016-06-24 17:36:26 +02:00
Sebastian Gumprich
cb54398e9c Merge pull request #89 from conorsch/permit-filemap-config-on-etc-shadow
Permits overriding permissions on /etc/shadow
2016-06-13 19:17:27 +02:00
Conor Schaefer
d4261388b5 Permits overriding permissions on /etc/shadow
To support a variety of distros, some of which recommend root:root 0600
permissions on the shadow file (RHEL-based) and others root:shadow
0640 (Debian-based), allow users to override the /etc/shadow owner,
group, and mode via a dict var.
2016-06-10 19:31:33 -07:00
Sebastian Gumprich
1c81e9f146 debian 8 support
I implemented Debian 8 support (and removed debian 6 support, since it's
EOL) as well as making it easier to locally test the role with inspec.
2016-06-08 17:31:47 +02:00
Sebastian Gumprich
b5f4bac9bd update testing method
use default.yml in repo for testing
consolidate kitchen vars
2016-05-22 20:06:29 +02:00
Sebastian Gumprich
7746eca682 update readme for dev-sec, make vars a table 2016-05-22 18:18:21 +02:00
Sebastian Gumprich
80e2365687 Merge pull request #85 from fitz123/ufw_manage_defaults
Ufw manage defaults
2016-05-22 16:38:30 +02:00
fitz123
2f7a97fbc7 fix task fail in case 'net.ipv6.conf.all.disable_ipv6' is not defined in sysctl_config dict 2016-05-21 12:42:16 +07:00
fitz123
0f8937c9b0 all ufw variables included into defaults file 2016-05-21 12:17:39 +07:00
fitz123
08da4091c2 tag for ufw task changed to 'ufw' 2016-05-21 12:17:06 +07:00
fitz123
e34775bdaa ufw_manage_defaults README 2016-05-20 03:35:43 +07:00
fitz123
2750d6e467 integrate ufw defaults management 2016-05-20 03:35:12 +07:00
Sebastian Gumprich
eaea10b3e7 Merge pull request #81 from fitz123/remove_ugly_red_errors
replace ignore_errors with failed_when to suppress ugly error warnings
2016-05-19 20:43:16 +02:00
fitz123
8ebc97c130 replace ignore_errors with failed_when to suppress ugly error warnings for 'remove suid/sgid' task 2016-05-19 23:56:14 +07:00
Sebastian Gumprich
87778593d0 Merge pull request #79 from fitz123/ansible_2.0-bare_vars_fix
fix bare variables usage for loops
2016-05-19 18:21:56 +02:00
fitz123
b9afcfdc68 fix bare variables usage for loops 2016-05-18 01:35:41 +07:00
Sebastian Gumprich
13ad1d2664 Merge pull request #75 from hardening-io/release
Release 3.0.0
2016-03-13 20:32:38 +01:00
Sebastian Gumprich
827af75e7d release 3.0.0 2016-03-13 20:30:12 +01:00
Sebastian Gumprich
2d97a0872a new release 2016-03-13 20:22:51 +01:00
Christoph Hartmann
002ad0cbf7 Merge pull request #59 from hardening-io/ansible_2.0
Ansible 2.0 support
2016-03-06 12:28:36 +01:00
Sebastian Gumprich
c3e9115f75 add webhook again 2016-03-05 21:25:08 +01:00
Sebastian Gumprich
ec8519e4ff remove vagrantfile in kitchen.yml 2016-03-05 21:24:15 +01:00
Sebastian Gumprich
dfdf722979 add test support for ansible 1.9 and 2.0 2016-03-05 21:19:13 +01:00
Sebastian Gumprich
1b35de9644 Ansible 2.0 support
This role was tested with Ansible 2.0
2016-02-24 08:14:41 +01:00
Christoph Hartmann
5cc477b6c5 Merge pull request #67 from hardening-io/mv_sysctl_to_defaults_2
Move sysctl vars to defaults
2016-02-24 08:13:34 +01:00
Sebastian Gumprich
e9eac79851 remove vars-include line 2016-02-24 08:07:58 +01:00
Sebastian Gumprich
8747be1d0d Move sysctl vars to defaults 2016-02-24 08:07:58 +01:00
Christoph Hartmann
c7308bcd67 Merge pull request #68 from hardening-io/add_webhook_to_travis
add webhook for ansible galaxy
2016-02-24 08:03:36 +01:00
Sebastian Gumprich
7d13247984 add webhook for ansible galaxy
This way the build status is shown on ansible-galaxy.
2016-02-24 07:54:48 +01:00
Christoph Hartmann
ea862ccb3c Merge pull request #69 from hardening-io/update_platforms
update platforms in meta-file
2016-02-24 07:52:17 +01:00
Sebastian Gumprich
5587a2343e add debian 8 support. 2016-02-24 07:39:55 +01:00
Sebastian Gumprich
42d333d278 update platforms in meta-file
this way they match the style used by ansible galaxy.
2016-02-24 07:39:55 +01:00
Sebastian Gumprich
66f390f7e9 Merge pull request #66 from conorsch/update-include-tags
Updates "tags" parameters on includes in main.yml
2016-02-01 19:04:24 +01:00
Conor Schaefer
0cedd9915d Updates "tags" parameters on includes in main.yml
Ansible v2 forbids in-line tags on include statements, and expects
"tags" to be always a task-level parameter. Older versions of Ansible
support both styles, so it makes sense to standardize on the latter.
2016-01-31 13:08:24 -08:00
Christoph Hartmann
8bc5c23bcf Merge pull request #62 from hardening-io/sys_uid_gid
make sys_uid and sys_gid configurable
2016-01-31 13:21:54 +01:00
Sebastian Gumprich
4b4b58c643 make sys_uid and sys_gid configurable 2016-01-31 13:18:29 +01:00
Anton Lugovoi
eedd504e33 Merge pull request #63 from hardening-io/suid_set_def_var
Suid set def var, fix #64
2016-01-31 05:59:52 +07:00
Sebastian Gumprich
7bc186e215 remove whitespace 2016-01-29 23:04:31 +01:00