Commit graph

242 commits

Author SHA1 Message Date
Lukas Erlacher
3ccb3eb8de Remove rsync from package blacklist
rsync was erroneously added to `os_security_packages_list` variable,
meaning it was uninstalled as a "package with known issues".

Fixes #141
2017-08-07 21:55:30 +02:00
Sebastian Gumprich
e1395fb2f2 Update minimize_access.yml 2017-08-07 21:55:30 +02:00
Sebastian Gumprich
e879831819 add passwd vars 2017-08-07 21:55:30 +02:00
Sebastian Gumprich
41feffdc17 add kitchen to os_ignore_user to fix #124 2017-08-07 21:53:56 +02:00
Sebastian Gumprich
ef1c718ba7 remove execshield on rhel7 2017-08-07 21:53:56 +02:00
Sebastian Gumprich
de6653d9bb add shadow task 2017-08-07 21:53:37 +02:00
Sebastian Gumprich
e01a478858 remove useless check 2017-08-07 18:48:34 +02:00
Sebastian Gumprich
cf3bbb3dd4 add conditional check 2017-08-07 15:08:12 +02:00
Sebastian Gumprich
62d20e299f install modprobe package,
check for modprobe

use apt and yum instead of package

Revert "use apt and yum instead of package"

This reverts commit 215a97b1867a7a8af5e0e64e9f77181d4c4a5050.

use latest to install kmod

run apt-get update
2017-08-07 14:56:42 +02:00
Sebastian Gumprich
f1df3a3c48 Merge pull request #134 from dev-sec/style
style update
2017-08-06 14:52:08 +02:00
Sebastian Gumprich
0aa330a35f Merge pull request #135 from dev-sec/prelinkt
remove prelink package, control package-09
2017-08-06 14:52:02 +02:00
Sebastian Gumprich
a1a1371a83 update readme 2017-08-05 21:58:29 +02:00
Sebastian Gumprich
a461deffff Merge branch 'master' into style 2017-08-05 21:46:58 +02:00
Sebastian Gumprich
8df021d3b5 update spaces, bools, trues 2017-08-05 21:43:28 +02:00
Sebastian Gumprich
09bcc0baad Merge pull request #137 from dev-sec/netrc
new task for delete netrc files, control os-09
2017-08-05 21:05:04 +02:00
Sebastian Gumprich
a957fb6245 style update 2017-08-04 22:23:12 +02:00
Sebastian Gumprich
9c77f82899 new task for delete netrc files 2017-08-04 21:55:59 +02:00
Sebastian Gumprich
bb85a92ff0 remove prelink, package-09 2017-08-04 21:45:33 +02:00
Sebastian Gumprich
129f1a2314 Merge pull request #130 from fazlearefin/master
Fix ansible.cfg and use comment filter
2017-07-17 21:05:39 +02:00
Fazle Arefin
6cbc26040f Add comment filter to {{ansible_managed}} string
- multiline {{ansible_managed}} strings do not get properly commented
without the comment filter (see
http://docs.ansible.com/ansible/playbooks_filters.html#comment-filter )
2017-07-07 11:49:33 +10:00
Fazle Arefin
192046d4ac Fix ansible.cfg
- using `%Y-%m-%d` in `ansible_managed` message is not recommended
as deploying from a new git checkout will change the `ansible_managed`
string in the template and Ansible will report the template file as changed
(see http://docs.ansible.com/ansible/intro_configuration.html#ansible-managed )
- add `scp_if_ssh` in ansible.cfg
2017-07-07 11:48:53 +10:00
Sebastian Gumprich
cb8f952a86 update changelog 2017-06-28 16:00:41 +02:00
Sebastian Gumprich
6d21d249b9 Merge pull request #120 from dev-sec/combined_sysctl
add more sysctl settings, allow overwriting
2017-06-27 20:59:04 +02:00
Sebastian Gumprich
0b8e42c5c6 remove 12.04 support 2017-06-27 15:03:22 +02:00
Sebastian Gumprich
8f6d3b1800 use with_flattened and default lists 2017-06-27 12:10:32 +02:00
Sebastian Gumprich
e0e2b2a601 remove omit param in default() 2017-06-06 16:39:13 +02:00
Sebastian Gumprich
7bbd479a9a Update README.md 2017-05-28 18:31:10 +02:00
Sebastian Gumprich
5c48c74f79 add more sysctl settings, allow overwriting 2017-05-07 15:12:31 +02:00
Sebastian Gumprich
24baf2c126 Merge pull request #126 from pestaa/patch-1
Converts set to JSON-serializable list
2017-05-07 13:25:11 +02:00
Istvan Beregszaszi
402f9b508f Converts set to JSON-serializable list
Fixes #125.
2017-05-06 22:25:17 +02:00
Sebastian Gumprich
83557bb057 update package 2017-04-22 20:50:29 +02:00
Sebastian Gumprich
7fdd7b4bb8 Merge pull request #106 from dev-sec/skip_fail
omit empty variables
2017-03-14 18:32:22 +01:00
Sebastian Gumprich
7f1415f339 Merge pull request #114 from dev-sec/fix_111
install initramfs-tools
2017-03-14 18:32:16 +01:00
Sebastian Gumprich
0ab4db4228 omit empty variables
omit empty variables when in check-mode or when set_fact is skipped.

Fix #105
2017-03-01 21:17:41 +01:00
Sebastian Gumprich
334e203f8b install initramfs-tools
These are not installed by default on debian 8 but needed for module generation.

see: https://github.com/dev-sec/ansible-os-hardening/issues/111
2017-03-01 21:17:23 +01:00
Sebastian Gumprich
a9095928ac Merge pull request #117 from dev-sec/shadow_owner
change shadow owner in debian systems
2017-03-01 21:15:47 +01:00
Sebastian Gumprich
1d48b0d10a change shadow owner in debian systems 2017-03-01 20:58:19 +01:00
Sebastian Gumprich
987a3331f0 Merge pull request #110 from dev-sec/docker
use new Docker images
2017-03-01 20:31:08 +01:00
Sebastian Gumprich
dfc505634b update min ansible version 2017-02-28 21:34:35 +01:00
Sebastian Gumprich
3af185ba8d use new docker images 2017-01-22 16:05:45 +01:00
Sebastian Gumprich
0779022a6e Merge pull request #113 from tyrken/rhel7
Rhel7
2017-01-20 16:42:00 +01:00
Tristan Keen
1cacbf4256 Support RHEL7 password quality and HTTP(S) proxies
Oracle Linux -> OracleLinux in both ansible_os_family and ansible_distribution: https://github.com/ansible/ansible/pull/10789
(Note - older versions before latest 1.9 had the name including a space - but I can see PR to drop 1.9 support is in progress)

pam_pwfamily (the supposed package to install to get password complexity checking in RHEL7) doesn't seem to exist.
There is a libpwquality package that provides /usr/lib64/security/pam_pwquality.so, but that is installed by default according to a RHEL support case answer.
2017-01-19 15:13:48 +00:00
Sebastian Gumprich
a8f8cd083a Update README.md 2017-01-09 07:24:57 +01:00
Sebastian Gumprich
1e57cb64a2 Merge pull request #104 from ypid/fix/role_description
Don’t refer to this role as "playbook" in the role description
2016-12-03 18:33:47 +01:00
Robin Schneider
c934a01c15 Don’t refer to this role as "playbook" in the role description
Finishes work done by @rndmh3ro in #97

Closes: #97
2016-12-03 11:36:11 +01:00
Sebastian Gumprich
5fc62a7f89 update changelog 2016-10-24 15:34:07 +02:00
Christoph Hartmann
6505157c62 Merge pull request #101 from dev-sec/update_pwqual
update template
2016-10-24 14:16:13 +02:00
Sebastian Gumprich
62a91011dd add comments to variables 2016-10-24 14:11:43 +02:00
Christoph Hartmann
fa59170f37 Merge pull request #100 from dev-sec/deprec_warn
fix deprecation warning for undefined error. #99
2016-10-24 10:54:08 +02:00
Sebastian Gumprich
11c81971e1 fix deprecation warning for undefined error. #99 2016-10-07 21:28:57 +02:00