* regenerate RSA key with size 4096 bits
Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>
* fixed lint problem
Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>
* fixed E301 lint error
Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>
* added host keys related vars
Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>
* used openssh_keypair module
Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>
* changed RSA private key mode to 0640
Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>
* specified condition to prevent wrong file mode on debian-based OS
Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>
* Enabled SYN cookie sysctl.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
* Removed SYN cookies from here since it's a default now.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
* make auditd 'max_log_file' configurable
Signed-off-by: Thomas Gueldner <T.Gueldner@t-systems.com>
* fix documentation for os_auditd_max_log_file
Signed-off-by: Thomas Gueldner <T.Gueldner@t-systems.com>
* add a runtime.yml to declare minimum ansible version
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
* add minimum ansible version to reamde
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
* Prettified Code!
* change inclusion of os specific defaults
we now include the os specific options into a separate variable and
merge this with the default ansible namespace, when the corresponding
keys do not already exist (eg. are defined by default oder by user)
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* simplify check for os specific variables
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* add test for variable override
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* move tests to verify stage
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* correct grep
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* linting
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* fix typo
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* Revert "Merge pull request #351 from sprat/fix-umask"
This reverts commit 9e8e0bc8fb, reversing
changes made to 98c7553016.
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* move immutable ssh vars to internal vars
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* move vars to OS files
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* change default handling for all roles
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* fix issues
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* add documentation
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* Update main.yml
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
* Removed Protocol statement in later versions of sshd, since the code for SSH-1 has been removed in sshd.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
* Prettified the generated ssh_config. No functional changes, removed spaces and orphan comments.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
* Removed Protocol statement in later versions of sshd, since the code for SSH-1 has been removed in sshd.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
* Removed blank lines and prettified ssh_config.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
* Added note about setting sshd_authenticationmethods if ssh_server_password_login.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
* Backticked true.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
* fix changelog generation
the changelog generation fails because we merged other repos into
this one and these commits do not share a common ancestor.
see this issue: https://github.com/github-changelog-generator/github-changelog-generator/issues/665
to workaround this, we change the changelog generation so all tags older than 7.0.0 will be ignored
(--since-tag does not work here because it still works on all tags). This however will remove
older releases from the changelog so we move these old releases into a separate file.
this is okay for me since these old releases are for ansible-os-hardening and not the collection.
the new changelog file will contain all changes since 7.0.0.
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
* fix regex in action
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
