Commit graph

2120 commits

Author SHA1 Message Date
Martin Schurz
7e33ea0bae use ansible-lint to autofix problems
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 14:37:09 +01:00
Martin Schurz
5381a23a4a fix paste error
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 11:38:49 +01:00
Martin Schurz
e00716df62 fix lint findings
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 11:36:08 +01:00
Martin Schurz
6ce8b68650 adjust exclude paths
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 11:11:21 +01:00
Martin Schurz
f4500457fa extend action triggers
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 11:09:24 +01:00
Martin Schurz
2bbfe2dd6b exclude waiver files
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 11:07:43 +01:00
Martin Schurz
db437c79f5 extend action triggers
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 11:00:22 +01:00
Martin Schurz
099145c9b3 remove excludes
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 10:58:26 +01:00
Martin Schurz
9862676ecf use new ansible-lint action
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-12-06 10:57:45 +01:00
dev-sec CI
5a062c6db2 update changelog 2023-11-24 12:37:45 +00:00
schurzi
508b993570
Merge pull request #722 from dev-sec/arch_audit
support restarts of audit service on Arch Linux
2023-11-24 13:36:18 +01:00
Martin Schurz
54f9ef42a1 don't try to restart audit in check mode
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-22 00:45:38 +01:00
Martin Schurz
25acb76c05 reload systemd after installation
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 23:59:22 +01:00
Martin Schurz
0f6b8e4a3a use full service name for handler
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 23:04:41 +01:00
Martin Schurz
571cec1a5c re-add vm tests
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 22:12:50 +01:00
Martin Schurz
20dd04c9cb split notify, add tmp options for arch
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 21:58:58 +01:00
Martin Schurz
60d10811d4 add separate handlers for audit restart
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 21:45:05 +01:00
Martin Schurz
84c43c0550 limit tests to some distros
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 21:27:23 +01:00
dev-sec CI
c76862831b update changelog 2023-11-21 15:58:10 +00:00
schurzi
f9a1cab023
Merge pull request #721 from dev-sec/python_version
pin Ansible to always let Renovate update to the most current version in our tests
2023-11-21 16:38:21 +01:00
Martin Schurz
f15ff3fc83 remove unneeded mysql vars
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 16:37:50 +01:00
Martin Schurz
aae720c977 update python version for all tests
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 12:23:49 +01:00
dev-sec CI
af8045a55a update changelog 2023-11-21 11:23:22 +00:00
Martin Schurz
c3b9245900 fix for mysql role
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 12:22:47 +01:00
Martin Schurz
5c5f2ce446 remove the base ansible package
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 12:22:47 +01:00
Martin Schurz
7b32deca17 pin the right ansible package
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 12:22:47 +01:00
Martin Schurz
e2c2d0d5e2 pin Ansible version
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 12:22:47 +01:00
Martin Schurz
addbbd32cf run tests on update of dependencies
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 12:22:47 +01:00
Martin Schurz
01cc9c811f update python versions for testing
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-21 12:22:47 +01:00
schurzi
e98d766c6c
Merge pull request #718 from akikanellis/fix-disabling-filesystems-idempotency
Restore idempotency for disabling unused filesystems with Ansible 2.16.0
2023-11-21 12:20:42 +01:00
Aki Kanellis
a15159d072 Make disabling unused filesystems idempotent
The `os_unused_filesystems` was lacking sorting, making the task not
idempotent. This was especially apparent and random in Molecule tests
when this collection was added as a dependency.

Signed-off-by: Aki Kanellis <hello@akikanellis.com>
2023-11-19 19:57:31 +00:00
dev-sec CI
dc432ba71c update galaxy.yml with new version 2023-11-16 14:42:54 +00:00
dev-sec CI
2c91f89903 update nginx_hardening readme 2023-11-16 14:33:13 +00:00
dev-sec CI
83cf8aedcc update changelog 2023-11-16 14:21:56 +00:00
dev-sec CI
9c848839d9 update mysql_hardening readme 2023-11-16 14:20:48 +00:00
dev-sec CI
1b69855d51 update os_hardening readme 2023-11-16 14:20:47 +00:00
dev-sec CI
512e31f1ae update ssh_hardening readme 2023-11-16 14:20:44 +00:00
Sebastian Gumprich
2db75b53c1
make it possible to configure more than yes and no for PermitTunnel (#715)
This is a breaking change, since the default variable is now a string instead of a bool

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@telekom.de>
2023-11-16 15:20:22 +01:00
dev-sec CI
aea12c8b90 update changelog 2023-11-16 11:37:42 +00:00
schurzi
0371a2690b Prettified Code! 2023-11-16 11:35:10 +00:00
schurzi
3525db8c44
Merge pull request #714 from dev-sec/badges 2023-11-16 12:27:39 +01:00
Martin Schurz
adda83572a fix mixup, add custom test badge
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-16 12:10:41 +01:00
Martin Schurz
01bde49fbc update badges
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-16 11:30:38 +01:00
dev-sec CI
9bf243f198 update changelog 2023-11-16 08:16:54 +00:00
schurzi
3d98cbf67b
add testing and support for current versions of Fedora and FreeBSD (#709)
* add testing and support for current versions of Fedora and FreeBSD

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* add waivers for FreeBSD

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* use original fedora images

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* also harden /home mount

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* also harden /tmp mount

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* test mock efi directory

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* remove mock

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* umount efi

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* add /tmp to special mountpoints

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* set options for /tmp mount

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* create /tmp mount

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* create /tmp mount and mount it ...

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* make fewer changes to default test run

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

* use correct Ansible var

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>

---------

Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-16 09:14:03 +01:00
dev-sec CI
4a5a6e18e7 update changelog 2023-11-14 12:24:07 +00:00
dev-sec CI
5ac5547ba4 update changelog 2023-11-12 19:47:19 +00:00
schurzi
15f2de8b44
fix os ci (#711)
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-12 20:45:30 +01:00
dev-sec CI
695f85f758 update changelog 2023-11-12 11:44:12 +00:00
schurzi
57d2d524b3
add temporary fix for nginx ci tests (#710)
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-12 12:41:15 +01:00