1518 commits

Author SHA1 Message Date
Sebastian Gumprich
458dfa2b6a use cinc exec supermarket instead of github
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-29 16:16:03 +02:00
Sebastian Gumprich
812c6c5974 skip auditd restart in molecule tests
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-29 10:00:15 +02:00
Sebastian Gumprich
ae68f73965 skip auditd restart in molecule tests
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-29 09:29:37 +02:00
Sebastian Gumprich
390f7ad6cc fix linting
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-19 14:46:42 +01:00
Felix Herzog
eca93cc80b add restart-auditd handler, as after a configuration change (e.g. of os_auditd_max_log_file_action) you need to restart. Sadly, on rhel7 systems you cannot use systemd. And as debian derivatives use service as alias and it works, I kept it that simple. Also adding 'auditd'-tag to make it easy to only run that config change if needed.
Signed-off-by: Felix Herzog <snoopotic@gmail.com>
2021-03-19 14:42:31 +01:00
dev-sec CI
9614273653 update changelog 2021-03-16 14:52:14 +00:00
schurzi
a64838272c
Merge pull request #418 from joubbi/documentation2
Improve Documentation for sysctl defaults
2021-03-16 15:49:55 +01:00
dev-sec CI
2076990d5d update galaxy.yml with new version 2021-03-16 10:40:04 +00:00
dev-sec CI
3da5b759a2 update changelog 2021-03-16 10:28:41 +00:00
schurzi
8706246309
Merge pull request #421 from schurzi/imprel
Improve Release Action
2021-03-16 11:26:21 +01:00
Martin Schurz
cd4925d411 checkout master between
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-16 11:07:21 +01:00
Martin Schurz
d1b8e7d7a3 update paths
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-16 11:00:40 +01:00
Martin Schurz
19d5a17a99 remove second call to changelog generator
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-16 10:56:17 +01:00
dev-sec CI
5cc8b2f42a update changelog 2021-03-16 09:26:22 +00:00
schurzi
976f83e88b
Merge pull request #420 from dev-sec/fqcn_docs
remove FQCN from roles in examples
2021-03-16 10:14:03 +01:00
dev-sec CI
6c870aae27 update changelog 2021-03-15 23:12:58 +00:00
schurzi
74c729404b
Merge pull request #392 from dev-sec/tally
restructure PAM handling and update for currently supported Linux distributions
2021-03-16 00:10:36 +01:00
Martin Schurz
b2dd73d27e remove unneeded tasks
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-15 23:53:40 +01:00
Martin Schurz
ec9d7d2cb8 cleanup and typos
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-15 23:39:12 +01:00
Farid Joubbi
97c55d6e55 Documented rationale for sysctl values set.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-15 14:01:19 +01:00
Martin Schurz
5f97dffddf Merge branch 'master' into tally
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-11 19:26:37 +01:00
dev-sec CI
eeedaeaffb update changelog 2021-03-11 16:46:51 +00:00
schurzi
0b945536e2
Merge pull request #405 from joubbi/crontab
Ensure permissions on cron files and directories are configured
2021-03-11 17:44:26 +01:00
schurzi
103135ce9a fix task naming
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-11 17:21:32 +01:00
Farid Joubbi
4158e0bfb4 Created a list of files/dirs to be looped instead of two tasks per file/dir.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-11 16:54:25 +01:00
dev-sec CI
fed8bdabd7 update changelog 2021-02-25 07:00:24 +00:00
Sebastian Gumprich
f9bbdb20fe
add install instructions 2021-02-25 07:57:55 +01:00
Farid Joubbi
4bad4779cd Fixed copy-paste error by doing og-rwx instead of numerical.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-02-22 22:13:18 +01:00
Martin Schurz
75fc31b80c remove cracklib
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 19:10:45 +01:00
Martin Schurz
10841ced62 case sensitive
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 18:29:55 +01:00
Martin Schurz
335df545fb correct version
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 18:15:33 +01:00
Martin Schurz
6d2c92d4ab correct locale
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 18:14:59 +01:00
Martin Schurz
3334000b97 set locale for test
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 17:45:46 +01:00
Martin Schurz
26d84b5f84 use custom /tmp dir
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 16:46:41 +01:00
Martin Schurz
9b6f313065 move pam tests up
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 15:54:03 +01:00
Martin Schurz
23071a183c add testcases for PAM
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 15:42:13 +01:00
dev-sec CI
66009496e2 update changelog 2021-02-22 09:24:50 +00:00
Sebastian Gumprich
bbf992d9fc
Create dependabot.yml 2021-02-22 10:22:38 +01:00
Farid Joubbi
91a0d62305 Ensure permissions on /etc/crontab are configured. #375
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-02-19 23:19:00 +01:00
Farid Joubbi
60d24db460 Ensure permissions on /etc/crontab are configured. #375
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-02-19 22:40:16 +01:00
dev-sec CI
90e0ce7c6b update changelog 2021-02-17 10:37:06 +00:00
schurzi
8e4c22d8d9
remove FQCN from roles in examples (#404)
Ansible does not work with FQCN and collections specified for including
roles. It is currently expecting to only get the role name in this
context.

Verified with Ansible 2.10.5

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-17 11:34:37 +01:00
Martin Schurz
dba53718cf sssd is disabled on Amazonlinux
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-16 20:44:28 +01:00
Martin Schurz
4a5fa70507 default faillock to yes
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-16 19:31:51 +01:00
Martin Schurz
75683161a5 remove FQCN from roles in examples
Ansible does not work with FQCN and collections specified for including
roles. It is currently expecting to only get the role name in this
context.

Verified with Ansible 2.10.5

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-15 11:26:59 +01:00
dev-sec CI
2a4b98ab4a update changelog 2021-02-15 10:26:19 +00:00
schurzi
5d55d29fe2
Merge pull request #403 from wzzrd/gssapi_client_support
Extend GSSAPI configuration support to ssh_config
2021-02-15 11:23:57 +01:00
Martin Schurz
64713ce75d add default for new variable
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-15 11:17:01 +01:00
Martin Schurz
ec36bf5b9c document parameter
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-15 00:22:03 +01:00
Martin Schurz
08aad6e80f add documentation
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-15 00:13:14 +01:00