Mirrors/ansible-collection-hardening

mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-09-20 13:21:52 +00:00

Author	SHA1	Message	Date
Moritz	1b0576695e	feat: workflow for roles readme (#705 ) * chore: added aar_doc config Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * feat: added initial state of roles readme workflow Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: runs on Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: install poetry Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * feat: loop over all roles and install peotry with pip Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: working dir for poetry run Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: cli path Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * chore: scale down matrix loop for testing Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: poetry run for py execution command Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: work dir for poetry run Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: cli.py path Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: roles path Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * feat: push readme Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: on push branch master Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: uncomment other roles Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * chore: limit trigger to master and arguments Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com> Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: push branch name Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com> Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * refactor: simplify steps Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com> Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * style: linting and styling Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * chore: trigger for pull request Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: push only if ref is master Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * chore: output diff of generated README Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: push readme in pull request Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * docs: role var description text Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: aar_doc roles path Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: git diff Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: fetch all history and changed diff branch Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: run diff only for pr Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: remove fetch-depth and switch to normal diff Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: remove diff and set push-branch Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> * fix: head_ref with default ref_name for push-branch Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> --------- Signed-off-by: Nemental <15136847+Nemental@users.noreply.github.com> Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>	2023-10-25 15:10:02 +02:00
rndmh3ro	a08a057f7b	Prettified Code!	2023-10-23 10:24:09 +00:00
Sebastian Gumprich	787ac9bd54	fix some wrong defaults and types in the readmes (#703 ) Signed-off-by: Sebastian Gumprich <sebastian.gumprich@telekom.de>	2023-10-23 12:23:49 +02:00
schurzi	9c2f12561a	update links to new Ansible Galaxy (#702 ) * update links to new Ansible Galaxy Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> * remove dead link Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de> --------- Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>	2023-10-16 20:56:13 +02:00
Nejc Habjan	35d87aa678	Fix typo in login.defs.j2 Signed-off-by: Nejc Habjan <nejc.habjan@siemens.com>	2023-10-08 14:15:16 +02:00
rndmh3ro	965c9326d0	Prettified Code!	2023-08-24 13:22:18 +00:00
Sebastian Gumprich	9c5b619149	fix descrptions in readme (#693 ) Signed-off-by: Sebastian Gumprich <sebastian.gumprich@telekom.de>	2023-08-24 15:21:57 +02:00
Thibault Soubiran	f602bc621a	feat: customize user paths default. Resolves: #689 (#692 ) Signed-off-by: Thibault Soubiran <thibault.soubiran@protonmail.com>	2023-08-24 14:02:23 +02:00
rndmh3ro	c1a0bcbe9d	Prettified Code!	2023-08-07 12:31:26 +00:00
Sebastian Gumprich	f295397611	add role argument spec for os, ssh, mysql (#687 ) * add role argument spec for os, ssh, mysql Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * add role argument spec for os, ssh, mysql Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * remove variable in variable as it cannot be used in argument spec Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * fix wrong syntax * fix spelling errors Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * cannot use vars before arg-spec validation Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * yamllint the arg-spec Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * add back variable Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * remove redundant setting in tests * fix descriptions in mysql hardening to betterreflect what they do Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * remove duplicate empty line Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * set correct defaults on to ssl options Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * remove left-over hidepid argument spec Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * remove license and author infos, this lives in the collection readme Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * fix styling Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * update some descriptions and sort them in the readme Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * some more linting Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> --------- Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>	2023-08-07 14:30:59 +02:00
Dennis Lerch	6bcdb253ec	auditd: add possibility to override config template (#685 ) * make template overrideable by referencing the auditd.conf.j2 template, a custom template can be provided to the role. Signed-off-by: Dennis Lerch <dennis.lerch@mercedes-benz.com> * extend auditd config make freq and log_file configurable implement write_logs with it's default value in order to be able to disable log writing Signed-off-by: Dennis Lerch <dennis.lerch@mercedes-benz.com> * Extend README.md documentation by new variables reorder `os_auditd_log_format` to keep sequence from defaults Signed-off-by: Dennis Lerch <dennis.lerch@mercedes-benz.com> --------- Signed-off-by: Dennis Lerch <dennis.lerch@mercedes-benz.com>	2023-07-24 11:34:47 +02:00
Nejc Habjan	dd215ba310	feat: explicitly support Fedora 37 and 38 (#682 ) Signed-off-by: Nejc Habjan <nejc.habjan@siemens.com>	2023-06-12 14:18:32 +02:00
Sebastian Gumprich	f56d80b5d8	Replace ssh_keys group in Fedora with root (#677 ) * Replace ssh_keys group in Fedora with root In Fedora 38, the `ssh_keys` group was removed. root is used now, in accordance to upstream. See: https://www.spinics.net/lists/fedora-devel/msg307707.html See: https://src.fedoraproject.org/rpms/openssh/pull-request/37# Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * change host key mode and owner in fedora and rhel9 Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * add missing host mode for rhel7 Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * harden all ssh host keys Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * skip linting rule Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * correct grp for bsd is wheel Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> --------- Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>	2023-06-10 08:04:04 +02:00
Sebastian Gumprich	7e6a715692	setting gets ignored (#680 ) see: https://github.com/authselect/authselect/issues/223 Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>	2023-05-26 14:10:49 +02:00
junicast	f3337f33b3	Add oddjob mkhomedir option rhel pam (#675 ) * added support for oddjob mkhomedir via optional var * optimized conditional * added variable description Signed-off-by: Jochen Demmer <jochen.demmer@noris.de> * added support for oddjob mkhomedir via optional var Signed-off-by: Jochen Demmer <jochen.demmer@noris.de> * optimized conditional Signed-off-by: Jochen Demmer <jochen.demmer@noris.de> * added variable description Signed-off-by: Jochen Demmer <jochen.demmer@noris.de> --------- Signed-off-by: Jochen Demmer <jochen.demmer@noris.de> Co-authored-by: Jochen Demmer <jochen.demmer@noris.de>	2023-05-23 11:19:40 +02:00
Andreas Wagner	d7bda7ca3a	expand on check conditions for non-file locations of logs (#674 ) Co-authored-by: whysthatso <git@whysthatso.net>	2023-05-22 15:53:33 +02:00
schurzi	1cce7bca9a	Merge pull request #662 from dev-sec/codespell add spellchecking with codespell	2023-04-17 09:47:53 +02:00
Martin Schurz	7259d6b5fd	fix spelling errors Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2023-04-14 23:51:53 +02:00
Martin Schurz	eb47f4dce0	Merge branch 'master' into min_ansible_ver	2023-04-12 22:22:36 +02:00
Martin Schurz	0014a3be36	update metadata Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2023-04-12 20:18:29 +02:00
Martin Schurz	a5a065f880	shorten text Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2023-04-11 07:49:38 +02:00
Martin Schurz	bc9795c215	add noqa for linter Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2023-04-11 07:37:07 +02:00
Martin Schurz	ea922f6dca	fix lint error Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2023-04-10 23:49:52 +02:00
Martin Schurz	001900ac35	require ansible.builtin.user to be at least 2.11 since options are needed Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2023-04-10 23:42:27 +02:00
schurzi	29f8a2fb78	add testing for OpenBSD and FreeBSD (#642 ) * add testing for OpenBSD and FreeBSD Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * make python work Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * remove jinja template ... Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * make verify work Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * correct verify Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * correct verify Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * correct verify Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * correct verify Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use right vm name for connect Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * add a bit of documentation Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * remove sudo Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * add weird OpenSBD workaround Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * make verify playbook more consistent Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * rename nonlinux to BSD Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use openbsd7 for testing Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * correct use openbsd7 everywhere Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * add waivers Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * update waiver descriptions Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use docker for inspec Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * keep looking right ;) Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * correct path to waivers Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use ephemeral directory in docker Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use bsd inspec profile Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * remove openbsd workaround Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * re-add openbsd workaround Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * commit suggestions Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * add supportet OS to metadata Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use current python Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> --------- Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2023-03-31 09:50:04 +02:00
schurzi	5ed3f399f2	add check mode to molecule tests (#644 ) * add check mode to molecule tests Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * bail on undefined variables Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * bail on undefined variables Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * execute tasks in check mode Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * fix error in check mode on SuSE Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use when condition on task Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> --------- Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2023-03-09 09:37:59 +01:00
George Bolo	3d0b6670d1	fixes #646 - add another condition to getent task (#647 ) Signed-off-by: gbolo <george.bolo@gmail.com>	2023-03-06 12:07:40 +01:00
schurzi	6e5621cdc9	simplify MySQL queries for user deletion (#641 ) * use rowcount to determine mysql results Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use correct list level Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * remove json_query Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * remove intermediate vars Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * add check for count Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * drop condition, since one result must exist Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * move rowcount in condition Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * do loop in ansible to report each deleted user Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * add idempotency check Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * additional tests to verify user deletion Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * actually iterate the whole user list when deleting Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * fix tests for SuSE Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * adopt suggestions Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> --------- Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2023-03-01 14:19:50 +01:00
Nejc Habjan	9e4ea20c67	Only skip audit restart handler in docker (#637 ) Signed-off-by: Nejc Habjan <nejc.habjan@siemens.com>	2023-02-15 17:58:52 +01:00
Nejc Habjan	1fc2809307	Make action_mail_acct configurable in auditd (#631 ) Signed-off-by: Nejc Habjan <nejc.habjan@siemens.com>	2023-02-06 13:24:43 +01:00
schurzi	1ef9171393	remove unneccessary tasks for VM based test (#629 ) * add remaining platforms to test Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * remove unneccessary tasks for test Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use current opensuse version Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * disable sysctl for missing yama in opensuse Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> --------- Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2023-02-06 08:37:40 +01:00
Norman Ziegner	2f60b44cca	os_hardening: Add variable to set the number of days of warning before user password expires Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>	2023-02-01 16:17:36 +01:00
rndmh3ro	bc096e58e5	Prettified Code!	2023-01-28 20:59:35 +00:00
DonEstefan	16e00b02db	rewrite user home dir hardening (#584 ) * rewrite user home dir hardening * delete duplicate var that was missed in a merge conflict Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * linting Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * add tests for home rewrites Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * Apply suggestions from code review Co-authored-by: schurzi <github@drachen-server.de> --------- Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: donestefan <donestefan@users.noreply.github.com> Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com> Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: schurzi <github@drachen-server.de>	2023-01-28 21:59:19 +01:00
Sebastian Gumprich	a75b339526	fix more linting errors Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>	2023-01-27 11:27:35 +01:00
Sebastian Gumprich	89138be4ec	Rewrite system account detection and hardening and create tests (#621 ) * rewrite system account detection and hardening * resolve failures created when resolving merge conflicts Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * add tests for shell removal tasks Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * Update molecule/os_hardening/prepare.yml Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * split tasks for locking and setting shell Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * fix some more linting Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> Co-authored-by: donestefan <donestefan@users.noreply.github.com> Co-authored-by: schurzi <Martin.Schurz@t-systems.com>	2023-01-27 11:01:03 +01:00
schurzi	ee80418496	Merge pull request #618 from dev-sec/deprecate_intitramfs deprecate rebuilding of initramfs	2023-01-25 23:56:36 +01:00
Martin Schurz	7f8e9919ee	add readme Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>	2023-01-25 22:30:17 +01:00
Sebastian Gumprich	a1028c7504	deprecate initramfs Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>	2023-01-25 13:07:37 +01:00
mmitnyan	83a0a9242b	Support for Amazon Linux 2 (#624 ) Signed-off-by: Manuel Mitnyan <mmitnyan@videotron.ca> Signed-off-by: Manuel Mitnyan <mmitnyan@videotron.ca>	2023-01-25 09:12:25 +01:00
Sebastian Gumprich	bb588bd777	linting (#603 ) * linting Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * more linting Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * change line length issues Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * replace yes with true in tasks Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * use manual line-wrapping because ansible-lint does not support it correctly. see https://github.com/ansible/ansible-lint/issues/2522 * use manual line-wrapping because ansible-lint does not support it correctly. see https://github.com/ansible/ansible-lint/issues/2522 Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * use manual line-wrapping because ansible-lint does not support it correctly. see https://github.com/ansible/ansible-lint/issues/2522 Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * add exception for task Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * remove trailing whitespace * add back deleted params Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * add back deleted params Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * add back tasks Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>	2023-01-24 12:40:27 +01:00
DonEstefan	674be6dc6f	apply password age settings to exisiting regular users (#582 ) * apply password age settings to regular users * add tests for password ageing Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * add debugging vars Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * add tests for password ageing Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * add tests for password ageing Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * Apply suggestions from code review Co-authored-by: schurzi <github@drachen-server.de> * add additional condtion for regular users Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: DonEstefan <donestefan@users.noreply.github.com> Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com> Co-authored-by: schurzi <github@drachen-server.de>	2023-01-23 10:50:05 +01:00
stdtom	9d2c68ef2f	Preserve default ownership and dir mode for /var/log on Ubuntu (#615 ) * Preserve default ownership and dir mode for /var/log on Ubuntu Signed-off-by: stdtom <stdtom@gmx.net> * linting Signed-off-by: stdtom <stdtom@gmx.net> * Define vars for each OS instead of using defaults. Signed-off-by: stdtom <stdtom@gmx.net> * Fix values for os_mnt_var_log_dir_mode and os_mnt_var_log_group Signed-off-by: stdtom <stdtom@gmx.net> Signed-off-by: stdtom <stdtom@gmx.net>	2023-01-23 09:34:41 +01:00
rndmh3ro	b3fbfcedbe	Prettified Code!	2023-01-19 12:45:51 +00:00
Paweł Krawczyk	88ef3cf3af	Parametrize more auditd.conf options (#535 ) * Parametrize more auditd.conf options * Parametrize more auditd.conf options * Add `os_auditd` options * Add os_auditd_log_group * Add os_auditd_log_group Co-authored-by: Paweł Krawczyk <p@krvtz.net> Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>	2023-01-19 13:45:24 +01:00
richardlock	a82942a63a	Add support for /etc/auditd.conf num_logs to go with max_log_file_action. (#617 ) Signed-off-by: Richard Lock <r.j.lock@derby.ac.uk> Signed-off-by: Richard Lock <r.j.lock@derby.ac.uk>	2023-01-12 12:52:48 +01:00
Sebastian Gumprich	be0642bcfb	add verify-task to check if mysql is running and enabled (#608 ) * add verify-task to check if mysql is running and enabled Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * Update molecule/mysql_hardening/verify_tasks/service.yml Co-authored-by: schurzi <Martin.Schurz@t-systems.com> Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: schurzi <Martin.Schurz@t-systems.com>	2022-12-07 08:49:07 +01:00
DonEstefan	bb3c63e321	fix IPv6 hardening (#607 ) Signed-off-by: DonEstefan <donestefan@users.noreply.github.com> Signed-off-by: DonEstefan <donestefan@users.noreply.github.com> Co-authored-by: donestefan <donestefan@users.noreply.github.com>	2022-11-30 16:13:25 +01:00
Sebastian Gumprich	e66c2eb6bb	Add OpenSUSE support (#605 ) * Add variables for mariadb on opensuse Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * enable pipeline Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * add a note about the reuirement of the jmespath library. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * Use python3 on opensuse Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * use right ansible variable Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * Suse requires python-rpm Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * try zypper Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * python-xml Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try at fixing the install Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * another try now with rpm. Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix my yml... Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * typo Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * do the test for Suse on the shell and not in ansible Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * specify to use bash Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * specify to use bash * try the removes keyword of builtin.shell Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix ansible syntax Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * fix zypper syntax Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * ensure pymysql is present Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> * set ansible python interpreter in converge-step, too Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * move install task to prepare Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de> Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> Co-authored-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>	2022-11-29 15:09:27 +01:00
Jacob Sievert	ade6deeba2	Updates handlers for new ansible syntax and deprecated options for legacy commands (#602 ) * Update main.yml fixes the handler file and set new syntax Signed-off-by: Jacob Sievert <jacob.sievert@sievert-mail.de> * changes command module from legacy to builtin. Signed-off-by: Jacob Sievert <jacob.sievert@sievert-mail.de> Signed-off-by: Jacob Sievert <jacob.sievert@sievert-mail.de>	2022-11-24 08:39:05 +01:00

1 2 3 4 5 ...

332 commits