* rewrite user home dir hardening
* delete duplicate var that was missed in a merge conflict
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* linting
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add tests for home rewrites
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* Apply suggestions from code review
Co-authored-by: schurzi <github@drachen-server.de>
---------
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: donestefan <donestefan@users.noreply.github.com>
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: schurzi <github@drachen-server.de>
* rewrite system account detection and hardening
* resolve failures created when resolving merge conflicts
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add tests for shell removal tasks
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* Update molecule/os_hardening/prepare.yml
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* split tasks for locking and setting shell
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* fix some more linting
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Co-authored-by: donestefan <donestefan@users.noreply.github.com>
Co-authored-by: schurzi <Martin.Schurz@t-systems.com>
* linting
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* more linting
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* change line length issues
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* replace yes with true in tasks
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* use manual line-wrapping because ansible-lint does not support it correctly.
see https://github.com/ansible/ansible-lint/issues/2522
* use manual line-wrapping because ansible-lint does not support it correctly.
see https://github.com/ansible/ansible-lint/issues/2522
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* use manual line-wrapping because ansible-lint does not support it correctly.
see https://github.com/ansible/ansible-lint/issues/2522
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add exception for task
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* remove trailing whitespace
* add back deleted params
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add back deleted params
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add back tasks
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* Preserve default ownership and dir mode for /var/log on Ubuntu
Signed-off-by: stdtom <stdtom@gmx.net>
* linting
Signed-off-by: stdtom <stdtom@gmx.net>
* Define vars for each OS instead of using defaults.
Signed-off-by: stdtom <stdtom@gmx.net>
* Fix values for os_mnt_var_log_dir_mode and os_mnt_var_log_group
Signed-off-by: stdtom <stdtom@gmx.net>
Signed-off-by: stdtom <stdtom@gmx.net>
* add verify-task to check if mysql is running and enabled
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* Update molecule/mysql_hardening/verify_tasks/service.yml
Co-authored-by: schurzi <Martin.Schurz@t-systems.com>
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: schurzi <Martin.Schurz@t-systems.com>
* Update main.yml
fixes the handler file and set new syntax
Signed-off-by: Jacob Sievert <jacob.sievert@sievert-mail.de>
* changes command module from legacy to builtin.
Signed-off-by: Jacob Sievert <jacob.sievert@sievert-mail.de>
Signed-off-by: Jacob Sievert <jacob.sievert@sievert-mail.de>
