Commit graph

1999 commits

Author SHA1 Message Date
Dennis Lerch
6bcdb253ec
auditd: add possibility to override config template (#685)
* make template overrideable

by referencing the auditd.conf.j2 template, a custom template can be provided to the role.

Signed-off-by: Dennis Lerch <dennis.lerch@mercedes-benz.com>

* extend auditd config

make freq and log_file configurable
implement write_logs with its default value in order to be able to disable log writing

Signed-off-by: Dennis Lerch <dennis.lerch@mercedes-benz.com>

* Extend README.md documentation by new variables

reorder `os_auditd_log_format` to keep sequence from defaults

Signed-off-by: Dennis Lerch <dennis.lerch@mercedes-benz.com>

---------

Signed-off-by: Dennis Lerch <dennis.lerch@mercedes-benz.com>
2023-07-24 11:34:47 +02:00
dev-sec CI
fc524f5369 update changelog 2023-06-20 13:22:05 +00:00
Sebastian Gumprich
790c7c5846
add var-naming[no-role-prefix] to skip-list (#679)
there's probably some added value for this, but I see no reason to change so many variables and possibly break something when it still works and nobody complained

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-06-20 15:18:55 +02:00
dev-sec CI
45d6a17c08 update changelog 2023-06-12 12:22:09 +00:00
Nejc Habjan
dd215ba310
feat: explicitly support Fedora 37 and 38 (#682)
Signed-off-by: Nejc Habjan <nejc.habjan@siemens.com>
2023-06-12 14:18:32 +02:00
dev-sec CI
1fb9988fd7 update changelog 2023-06-10 06:07:05 +00:00
Sebastian Gumprich
f56d80b5d8
Replace ssh_keys group in Fedora with root (#677)
* Replace ssh_keys group in Fedora with root

In Fedora 38, the `ssh_keys` group was removed. root is used now, in accordance with upstream.

See: https://www.spinics.net/lists/fedora-devel/msg307707.html
See: https://src.fedoraproject.org/rpms/openssh/pull-request/37#

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* change host key mode and owner in fedora and rhel9

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* add missing host mode for rhel7

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* harden all ssh host keys

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* skip linting rule

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* correct grp for bsd is wheel

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

---------

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-06-10 08:04:04 +02:00
dev-sec CI
0e173b4165 update changelog 2023-05-26 12:13:00 +00:00
Sebastian Gumprich
7e6a715692
setting gets ignored (#680)
see: https://github.com/authselect/authselect/issues/223

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-05-26 14:10:49 +02:00
dev-sec CI
9c86dae383 update changelog 2023-05-23 09:22:51 +00:00
junicast
f3337f33b3
Add oddjob mkhomedir option rhel pam (#675)
* added support for oddjob mkhomedir via optional var

* optimized conditional

* added variable description

Signed-off-by: Jochen Demmer <jochen.demmer@noris.de>

* added support for oddjob mkhomedir via optional var

Signed-off-by: Jochen Demmer <jochen.demmer@noris.de>

* optimized conditional

Signed-off-by: Jochen Demmer <jochen.demmer@noris.de>

* added variable description

Signed-off-by: Jochen Demmer <jochen.demmer@noris.de>

---------

Signed-off-by: Jochen Demmer <jochen.demmer@noris.de>
Co-authored-by: Jochen Demmer <jochen.demmer@noris.de>
2023-05-23 11:19:40 +02:00
dev-sec CI
c597eb97b2 update changelog 2023-05-22 13:56:42 +00:00
Andreas Wagner
d7bda7ca3a
expand on check conditions for non-file locations of logs (#674)
Co-authored-by: whysthatso <git@whysthatso.net>
2023-05-22 15:53:33 +02:00
dev-sec CI
037919e67a update changelog 2023-04-28 12:08:48 +00:00
schurzi
ed5aefad3e
Merge pull request #667 from dev-sec/molecule_update
use new molecule-plugins
2023-04-28 14:05:46 +02:00
Martin Schurz
e5b8df07e2 use new molecule-plugins
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-28 13:48:45 +02:00
dev-sec CI
808cc6d78a update changelog 2023-04-17 07:51:08 +00:00
schurzi
1cce7bca9a
Merge pull request #662 from dev-sec/codespell
add spellchecking with codespell
2023-04-17 09:47:53 +02:00
Martin Schurz
74c76b8240 correct workflow name and use main version
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-16 22:57:44 +02:00
Martin Schurz
cd56c017ba add parameter for skipped words
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-16 22:54:43 +02:00
Martin Schurz
93ddd4b45e use shared workflow
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-16 22:49:53 +02:00
Martin Schurz
7259d6b5fd fix spelling errors
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-14 23:51:53 +02:00
Martin Schurz
edcada16e4 add spellchecking with codespell
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-14 23:34:05 +02:00
dev-sec CI
7e31002555 update galaxy.yml with new version 2023-04-13 08:40:54 +00:00
dev-sec CI
8816969278 update changelog 2023-04-12 22:51:41 +00:00
schurzi
7e6e43e0a5
Merge pull request #657 from dev-sec/min_ansible_ver 2023-04-13 00:48:29 +02:00
dev-sec CI
b79eb83d4f update changelog 2023-04-12 20:24:10 +00:00
Martin Schurz
eb47f4dce0 Merge branch 'master' into min_ansible_ver 2023-04-12 22:22:36 +02:00
schurzi
4a21ec0234
Merge pull request #656 from dev-sec/update_Tests
Update test environment
2023-04-12 22:21:49 +02:00
Martin Schurz
bb47300798 remove unnecessary collection include
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-12 20:27:35 +02:00
Martin Schurz
de0439ed58 remove unnecessary collection include
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-12 20:22:22 +02:00
Martin Schurz
6e48f686a9 add fedora to testing
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-12 20:21:27 +02:00
Martin Schurz
0014a3be36 update metadata
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-12 20:18:29 +02:00
Martin Schurz
a186760b45 exclude broken tests
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-11 09:51:05 +02:00
Martin Schurz
a5a065f880 shorten text
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-11 07:49:38 +02:00
Martin Schurz
bc9795c215 add noqa for linter
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-11 07:37:07 +02:00
Martin Schurz
f02f8b9a90 add procps for Debian
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-11 07:20:44 +02:00
Martin Schurz
5cc7b8dee3 add waivers for os_hardening
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-11 07:17:29 +02:00
Martin Schurz
ea922f6dca fix lint error
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-10 23:49:52 +02:00
Martin Schurz
e43f180112 update waiver path
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-10 23:48:52 +02:00
Martin Schurz
001900ac35 require ansible.builtin.user to be at least 2.11 since options are needed
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-10 23:42:27 +02:00
Martin Schurz
31c9885610 use docker for inspec-auditor
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-10 23:22:41 +02:00
Martin Schurz
4a9d6033eb try docker for inspec-auditor
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-10 23:04:46 +02:00
Martin Schurz
ebab98930c try docker for inspec-auditor
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-10 22:58:28 +02:00
Martin Schurz
5357f9e718 use current version of amazon linux
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-10 22:23:48 +02:00
Martin Schurz
dd5ad568b3 fix deprecation warnings
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-10 20:36:03 +02:00
Martin Schurz
63dc9d3be8 use current amazon linux
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-10 19:44:01 +02:00
Martin Schurz
7b69c4bd47 add collection link
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-10 11:21:12 +02:00
Martin Schurz
e4ecfe2084 add collection to verify
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-10 11:03:33 +02:00
Martin Schurz
e346c2300f remove unnecessary symlink
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-10 11:02:33 +02:00