dev-sec CI
1b69855d51
update os_hardening readme
2023-11-16 14:20:47 +00:00
dev-sec CI
512e31f1ae
update ssh_hardening readme
2023-11-16 14:20:44 +00:00
Sebastian Gumprich
2db75b53c1
make it possible to configure more then yes and no for PermitTunnel ( #715 )
...
This is a breaking change, since the default variable is now a string instead of a bool
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@telekom.de>
2023-11-16 15:20:22 +01:00
dev-sec CI
aea12c8b90
update changelog
2023-11-16 11:37:42 +00:00
schurzi
0371a2690b
Prettified Code!
2023-11-16 11:35:10 +00:00
schurzi
3525db8c44
Merge pull request #714 from dev-sec/badges
2023-11-16 12:27:39 +01:00
Martin Schurz
adda83572a
fix mixup, add custom test badge
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-16 12:10:41 +01:00
Martin Schurz
01bde49fbc
update badges
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-16 11:30:38 +01:00
dev-sec CI
9bf243f198
update changelog
2023-11-16 08:16:54 +00:00
schurzi
3d98cbf67b
add testing and support for current versions of Fedora and FreeBSD ( #709 )
...
* add testing and support for current versions of Fedora and FreeBSD
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* add waivers for FreeBSD
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* use original fedora images
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* also harden /home mount
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* also harden /tmp mount
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* test mock efi directory
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* remove mock
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* umount efi
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* add /tmp to special mountpoints
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* set options for /tmp mount
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* create /tmp mount
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* create /tmp mount and mount it ...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* make fewer changes to default test run
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* use correct Ansible var
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
---------
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-16 09:14:03 +01:00
dev-sec CI
4a5a6e18e7
update changelog
2023-11-14 12:24:07 +00:00
dev-sec CI
5ac5547ba4
update changelog
2023-11-12 19:47:19 +00:00
schurzi
15f2de8b44
fix os ci ( #711 )
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-12 20:45:30 +01:00
dev-sec CI
695f85f758
update changelog
2023-11-12 11:44:12 +00:00
schurzi
57d2d524b3
add temporary fix for nginx ci tests ( #710 )
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-12 12:41:15 +01:00
dev-sec CI
e4cfa198af
update changelog
2023-11-12 09:17:09 +00:00
schurzi
eac33e8918
Merge pull request #649 from dev-sec/mysql_roles
2023-11-12 10:14:02 +01:00
Martin Schurz
655cb49630
add note to temporary fix
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-12 10:00:33 +01:00
Martin Schurz
3c73f8ab1d
use release version of inspec profile again
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:47:00 +01:00
Martin Schurz
8e97184d5e
test wirth modified inspec profile
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:39:20 +01:00
Martin Schurz
7437f68c86
onece more ...
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:26 +01:00
Martin Schurz
bf177add07
one last time ...
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:26 +01:00
Martin Schurz
fb22b242fe
better compare for utf8
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
0c8c96a535
collate for opensuse
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
99784726f8
drop role after test for inspec
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
2f5360225b
extend role check
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
fdf7bbd7be
correct hostname in test
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
ee1fec3d3e
correct indentation
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
35df355248
add tests for roles
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
ec8811acdf
use like to coerce collation
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
6681e0b319
correct query
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
79dc1d5474
check mode for status var
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
219ec1938b
try symlink fix
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
336861838a
try local path
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
b07ac77223
test removing requirements
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
665edd5157
re-add working directories
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
8f516018b6
trigger workflow
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:25 +01:00
Martin Schurz
4756a620f2
reduce dir dependencies
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:37:02 +01:00
Martin Schurz
c59a4d4e48
fix role path
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:36:26 +01:00
Martin Schurz
216b56f468
lint
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:36:26 +01:00
Martin Schurz
36715017d7
use separate task for role detection
...
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-11 15:36:26 +01:00
Martin Schurz
2c18d3afda
use if for role detection
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-11-11 15:34:34 +01:00
Sebastian Gumprich
bd721317d2
try to fix IS_ROLE
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-11-11 15:34:34 +01:00
Sebastian Gumprich
92e6cad463
try to fix IS_ROLE
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-11-11 15:34:34 +01:00
Sebastian Gumprich
66adae0faa
try to fix IS_ROLE
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-11-11 15:34:34 +01:00
Sebastian Gumprich
dc583422bc
try to fix IS_ROLE
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-11-11 15:34:33 +01:00
Sebastian Gumprich
4c5a5deec6
try to fix IS_ROLE
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-11-11 15:34:33 +01:00
Sebastian Gumprich
a6892904bf
try to fix IS_ROLE
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-11-11 15:34:33 +01:00
Sebastian Gumprich
0675167cb2
do not create role for now!
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-11-11 15:34:33 +01:00
Sebastian Gumprich
8d5143b5d7
try to fix IS_ROLE
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-11-11 15:34:33 +01:00