Sebastian Gumprich
5e7a0a60f1
fix linting
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 21:16:04 +02:00
Sebastian Gumprich
c3b954a2ab
add new tasks to delete users without passwords
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 21:16:04 +02:00
schurzi
add303f2be
Merge pull request #437 from BenjaminBoehm/bugfix/ssh-kex-sntrup-openssh8.5
...
Fix ssh kex sntrup761x25519-sha512@openssh.com for openssh >= 8.5
2021-04-01 21:13:50 +02:00
dev-sec CI
03a0f26917
update changelog
2021-04-01 19:09:51 +00:00
schurzi
fdadb78080
Merge pull request #438 from dev-sec/remove_depracted_secure-auth
...
remove secure-auth param if mysql >= 8.0.3
2021-04-01 21:07:04 +02:00
Sebastian Gumprich
2fb54bd224
remove secure-auth param if mysql => 8.0.3
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
install collection in molecule
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
remove deprecated ubuntu 16.04 from tests
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-01 13:20:58 +02:00
Benjamin
29ee683069
Fix ssh kex sntrup761x25519-sha512@openssh.com for openssh >= 8.5
...
fix #433
Signed-off-by: Benjamin <gitlab@lnxkiste.de>
Signed-off-by: Benjamin Boehm <git@lnxkiste.de>
2021-04-01 02:08:24 +02:00
dev-sec CI
d758fa5184
update changelog
2021-03-29 19:28:04 +00:00
schurzi
2882a15ee1
Merge pull request #427 from dev-sec/snoopotic-fix/add_auditd_restart_handler
...
add restart-auditd handler after configuration change
2021-03-29 21:15:46 +02:00
Sebastian Gumprich
458dfa2b6a
use cinc exec supermarket instead of github
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-29 16:16:03 +02:00
Sebastian Gumprich
812c6c5974
skip auditd restart in molecule tests
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-29 10:00:15 +02:00
Sebastian Gumprich
ae68f73965
skip auditd restart in molecule tests
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-29 09:29:37 +02:00
dev-sec CI
d1d12ca6d7
update changelog
2021-03-25 12:55:51 +00:00
Farid Joubbi
7af432e1cf
Uppercased first letter of task names. (#422)
...
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-25 13:52:56 +01:00
dev-sec CI
2dac5e3289
update changelog
2021-03-24 13:34:39 +00:00
Farid Joubbi
c90bbd2c23
Improved comments. (#436)
...
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-24 14:31:58 +01:00
dev-sec CI
aec1f5dcb7
update changelog
2021-03-24 06:57:54 +00:00
Farid Joubbi
d1143a06b1
Not accepting source routing for IPv6. This was already done for IPv4. (#424)
...
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-24 07:55:29 +01:00
dev-sec CI
dfa89f7b47
update changelog
2021-03-23 21:04:30 +00:00
schurzi
0f424469be
Merge pull request #432 from joubbi/authtok_type
...
os_auth_pam_pwquality_options: Changed type to authtok_type
2021-03-23 22:01:40 +01:00
Farid Joubbi
240d8acc0c
Changed os_auth_pam_pwquality_options type to authtok_type.
...
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-23 11:16:05 +01:00
dev-sec CI
5eae12005a
update galaxy.yml with new version
2021-03-23 09:09:20 +00:00
dev-sec CI
84d7bb5f5f
update changelog
2021-03-23 09:01:35 +00:00
schurzi
a45eee2204
Merge pull request #431 from joubbi/pwhistory
...
Use pam_pwhistory.so instead of pam_unix.so for remembering old passwords
2021-03-23 09:59:11 +01:00
Martin Schurz
d693a8e200
also use requisite for pwhistory
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-23 08:53:49 +01:00
Martin Schurz
0ac56e4c00
Merge branch 'master' into pwhistory
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-23 08:53:23 +01:00
dev-sec CI
05bc809ba3
update changelog
2021-03-23 07:42:42 +00:00
schurzi
5be13e878f
Merge pull request #430 from joubbi/comment
...
Remove comments from PAM config file, but keep it in the template
2021-03-23 08:40:20 +01:00
Farid Joubbi
659e5ada6a
Changed to pam_pwhistory.so instead of pam_unix.so for remembering old passwords.
...
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-22 22:28:25 +01:00
Farid Joubbi
0010715039
Remove comment from output file, but keep it in the template.
...
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-22 19:39:49 +01:00
dev-sec CI
a23eb05001
update changelog
2021-03-22 11:52:11 +00:00
schurzi
69193fe249
Merge pull request #428 from dev-sec/harden_user_home_dires
...
Harden user home dirs
2021-03-22 12:49:48 +01:00
rndmh3ro
369c2986c6
Prettified Code!
2021-03-22 10:23:03 +00:00
Sebastian Gumprich
02c689eaa0
fix loop for home_directories
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-22 11:18:51 +01:00
Sebastian Gumprich
bf82736787
Update roles/os_hardening/tasks/user_accounts.yml
...
Co-authored-by: schurzi <Martin.Schurz@t-systems.com>
2021-03-22 11:18:51 +01:00
Sebastian Gumprich
c86bdcb4c7
linting
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-22 11:18:51 +01:00
Sebastian Gumprich
b5ca78a9cd
chmod /home directories to 0700
...
This is based on https://github.com/dev-sec/ansible-collection-hardening/pull/277
and updated to work with the new collection.
Thanks to @aardbol for this initial implementation!
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-22 11:18:51 +01:00
dev-sec CI
36bc71fe51
update changelog
2021-03-21 12:20:51 +00:00
schurzi
876cdab430
Merge pull request #429 from dev-sec/proxy
...
add support for using a proxy to test with molecule
2021-03-21 13:18:03 +01:00
Sebastian Gumprich
6c805f6ca9
add support for using a proxy to test with molecule
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-19 15:52:19 +01:00
Sebastian Gumprich
8cb6732882
add support for using a proxy to test with molecule
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-19 15:45:06 +01:00
Sebastian Gumprich
390f7ad6cc
fix linting
...
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-03-19 14:46:42 +01:00
Felix Herzog
eca93cc80b
add restart-auditd handler as after configuration change (e.g. of os_auditd_max_log_file_action) you need to restart. Sadly on rhel7 systems you cannot use systemd. And as debian derivatives use service as alias and it works I kept it that simple. Also adding 'auditd'-tag to make it easy to only run that config change if needed.
...
Signed-off-by: Felix Herzog <snoopotic@gmail.com>
2021-03-19 14:42:31 +01:00
dev-sec CI
9614273653
update changelog
2021-03-16 14:52:14 +00:00
schurzi
a64838272c
Merge pull request #418 from joubbi/documentation2
...
Improve Documentation for sysctl defaults
2021-03-16 15:49:55 +01:00
dev-sec CI
2076990d5d
update galaxy.yml with new version
2021-03-16 10:40:04 +00:00
dev-sec CI
3da5b759a2
update changelog
2021-03-16 10:28:41 +00:00
schurzi
8706246309
Merge pull request #421 from schurzi/imprel
...
Improve Release Action
2021-03-16 11:26:21 +01:00
Martin Schurz
cd4925d411
checkout master between
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-16 11:07:21 +01:00
Martin Schurz
d1b8e7d7a3
update paths
...
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-16 11:00:40 +01:00