* Update Ubuntu compatability
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* reload systemd when disabling ssh socket
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* manage systemd files
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* Create privsep directory for Debian
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* Use working Ubuntu 24.04 image for vm tests
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* Remove deprecated Debian 10
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
---------
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
* centos7 is eol, remove it
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
* change workflow to update readmes when meta/main.yml is changed
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
* remove mention of centos 7 from readme
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
---------
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
* add debian 12 support
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* temp disable pam-checks
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* remove debian12 from vagrant tests as there's no box yet
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* use new pam-tester from pip
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* use new pam-tester from pip
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add setuptoolks to pam-tester install
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add setuptoolks to pam-tester install
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add setuptoolks to pam-tester install
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add setuptoolks to pam-tester install
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* install pam-tester with python3 and use full path to it
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* install python3-setupttools in verify-tests
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* fix path for pam-tester in all tests
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* set python interpreter to 3 for verify-tests
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* Revert "set python interpreter to 3 for verify-tests"
This reverts commit 00b6556e33.
* add back accidentally deleted tasks
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
---------
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* Include Debian 11 into Molecule test suites (#527)
Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>
* Fix Ansible Lint GitHub Action version (#527)
Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>
* Update .gitignore
Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>
* mysql_hardening: Use Python 3 as Ansible interpreter (#527)
Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>
* Note Debian 11 support for os_hardening & nginx_hardening (#527)
Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>
* Fix lint issues & Ansible Lint configuration in CI
Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>
* Try to fix YAML lint issues, again
Re-ordered YAML comments at the end of `.yamllint` file.
Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>
* rm debian9 from tests, add debian 11 where missing
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* fix mysql molecule tests
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Signed-off-by: Daya Adianto <dayaadianto@cs.ui.ac.id>
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add rocky linux 8 tests and make sure that all relevant tasks are executed
Signed-off-by: rndmh3ro <github@gumpri.ch>
* fix missing quote
Signed-off-by: rndmh3ro <github@gumpri.ch>
* add a runtime.yml to declare minimum ansible version
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
* add minimum ansible version to reamde
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
* Prettified Code!
* Add kernel parameter information to README
Add initial documentation around configuring audit=1 to reduce the inaccuracies in the auditd logs.
Closes https://github.com/dev-sec/ansible-os-hardening/issues/253
Signed-off-by: Jared Ledvina <jared@techsmix.net>
* Cleanup spellinng
Signed-off-by: Jared Ledvina <jared@techsmix.net>
* Make max_log_file_action for auditd configurable
This commit allows to configure the max_log_file_action auf auditd to
avoid filling small /var/log partitions for systems that create many
audit log entries. Or run for a long period of time.
Signed-off-by: Jan Dittberner <jan.dittberner@t-systems.com>
* Add os_auditd_max_log_file_action to README
Signed-off-by: Jan Dittberner <jan.dittberner@t-systems.com>
check for modprobe
use apt and yum instead of package
Revert "use apt and yum instead of package"
This reverts commit 215a97b1867a7a8af5e0e64e9f77181d4c4a5050.
use latest to install kmod
run apt-get update
