Martin Schurz
b9e33091e2
fix problems with auth
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 21:30:35 +01:00
Martin Schurz
7f1765c608
consolidate auth for rhel
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 17:30:02 +01:00
Martin Schurz
30f0839513
add support for rhel8 and sssd
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 12:44:20 +01:00
Martin Schurz
532917d956
remove rhel6 support from pam
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 12:14:54 +01:00
Martin Schurz
04654d0490
correct typo
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 11:19:12 +01:00
Martin Schurz
aa166f43fc
split debian and rhel pam config
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 02:07:25 +01:00
Martin Schurz
19482c319c
force create symlink
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-13 19:38:57 +01:00
Martin Schurz
fc7fb4fc8a
make compatible to authconfig
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-13 18:09:48 +01:00
Maxim Burgerhout
8baab7516e
Extend GSSAPI configuration support to ssh_config
...
Previously, the ssh_gssapi_support variable only toggled the GSSAPI
settings in sshd_config.
Through this change, setting ssh_gssapi_support to true also enables
support in ssh_config.
It enables both authentication and credential delegation.
Signed-off-by: Maxim Burgerhout <maxim@wzzrd.com>
2021-02-12 13:10:35 +01:00
Martin Schurz
7282187a90
Merge branch 'master' into tally
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 21:44:55 +01:00
Martin Schurz
157f4fca70
add tasks for faillock on debian
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 21:43:30 +01:00
dev-sec CI
70cd7bbf1e
update changelog
2021-02-10 15:07:15 +00:00
Sebastian Gumprich
6be31fbc3b
do not install mysql python package on target host ( #401 )
...
this package has to be installed on the host that executes the task
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-02-10 15:57:51 +01:00
Sebastian Gumprich
756839f8f0
make wrong password fail task ( #400 )
...
* make wrong password fail task
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add name to fail task
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-02-10 15:55:08 +01:00
Sebastian Gumprich
c55c1f21ed
add restart handler variable for mysql role ( #399 )
...
* add restart handler variable for mysql role
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* add prettierignore file to ignore CHANGELOG
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-02-10 15:54:57 +01:00
dev-sec CI
8d3e452ce3
update galaxy.yml with new version
2021-02-10 13:02:01 +00:00
dev-sec CI
d8ea484f92
update changelog
2021-02-10 12:51:07 +00:00
schurzi
a98876b350
update ansible-lint to version 5 ( #397 )
...
* add ansible to requirements
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* trigger run
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* update noqa for ansible-lint 5
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 13:47:01 +01:00
dev-sec CI
6d369739e4
update changelog
2021-02-10 11:59:07 +00:00
schurzi
2b39258d47
Merge pull request #395 from Normo/update-galaxy-version
...
fix galaxy action to update local galaxy.yml
2021-02-10 12:56:53 +01:00
Martin Schurz
75a8aca905
fix galaxy action to update local galaxy.yml
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 12:53:02 +01:00
Martin Schurz
94b9bfc3cd
add files for faillock
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 12:49:12 +01:00
Norman Ziegner
b26b4e090c
Bump collection version from 7.0.0 to 7.1.1
...
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
2021-02-10 10:11:15 +01:00
Norman Ziegner
f035053381
Only set default for ssh host key files when hardening the server ( #393 )
...
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
2021-02-09 10:01:41 +01:00
rndmh3ro
0cfdb1954e
Prettified Code!
2021-02-09 08:45:31 +00:00
Norman Ziegner
614662b99d
Add variable to specify host rsa key size ( #394 )
...
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
2021-02-09 09:44:55 +01:00
Martin Schurz
3ad4fbab0e
add guard for tally debian unstable
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-08 11:18:50 +01:00
Martin Schurz
ebbf6855e8
add rhel faillock config
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-08 10:51:16 +01:00
Martin Schurz
b210df1233
re-add debian tally config
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-08 10:51:03 +01:00
Martin Schurz
a55a4d2024
remove pam_tally2
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-08 08:09:43 +01:00
dev-sec CI
a17f4a6f45
update changelog
2021-02-05 19:42:47 +00:00
schurzi
30f03bc124
Merge pull request #390 from dev-sec/fix_docs
...
fix minimum required ansible version in docs
2021-02-05 20:40:42 +01:00
schurzi
40bc23d7da
Prettified Code!
2021-02-05 19:39:43 +00:00
Martin Schurz
c6114278a1
fix minimum required ansible version in docs
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-05 20:39:04 +01:00
dev-sec CI
e833d1dce4
update changelog
2021-02-05 18:46:35 +00:00
schurzi
4b0819349d
use fqcn for community.crypto.openssh_keypair module ( #389 )
...
this fixes a problem with Ansible 2.9 where the default openssh_keypair
is not supporting every option we need
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-05 19:44:23 +01:00
dev-sec CI
2f9cd82615
update changelog
2021-02-02 10:02:38 +00:00
schurzi
9db01d5fbe
Merge pull request #386 from dev-sec/changelog_gen_v1
...
use version tag for changelog action
2021-02-02 11:00:11 +01:00
Martin Schurz
e4b0801d22
use version tag for changelog action
...
Referencing actions by the short SHA will be deprecated soon
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-02 10:58:52 +01:00
dev-sec CI
67c40dc021
update changelog
2021-01-22 13:57:21 +00:00
dev-sec CI
9c17f0f7c3
update changelog
2021-01-22 12:59:34 +00:00
schurzi
8a1064ded4
make release workflow manually runnable ( #384 )
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-01-22 13:57:20 +01:00
dev-sec CI
29b72ea277
update changelog
2021-01-22 11:37:26 +00:00
schurzi
6e84f53a75
run labeler workflow with higher privileges ( #383 )
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-01-22 12:34:59 +01:00
schurzi
7a560b3d38
remove issue labels from changelog ( #382 )
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-01-22 12:34:51 +01:00
schurzi
66feb7c2ad
Merge pull request #380 from mpraeger/feature/host_certificates
...
add Support for OpenSSH HostCertificate config option
2021-01-22 10:43:32 +01:00
Maximilian Praeger
4399d3f885
removed: unnecessary conditional
...
Signed-off-by: Maximilian Praeger <mpraeger@users.noreply.github.com>
2021-01-22 07:24:54 +01:00
Maximilian Praeger
6b55b9619c
added: comment for HostCertificate
...
Signed-off-by: Maximilian Praeger <mpraeger@users.noreply.github.com>
2021-01-22 07:24:54 +01:00
Maximilian Praeger
8f7bae533c
fixed: add empty line after HostCertificate loop
...
Signed-off-by: Maximilian Praeger <mpraeger@users.noreply.github.com>
2021-01-22 07:24:54 +01:00
Maximilian Praeger
9853c7ea45
added: defaults for ssh_host_certificates
...
Signed-off-by: Maximilian Praeger <mpraeger@users.noreply.github.com>
2021-01-22 07:24:54 +01:00