Commit graph

1681 commits

Author SHA1 Message Date
schurzi
b0393a12ce
Merge pull request #470 from ksaadDE/patch-2
Add TLSv1.3 to nginx default configuration
2021-11-15 19:41:49 +01:00
Karim
96d6b47912 Update main.yml
TLSv1.3 should be supported (+security) and as soon as possible TLSv1.2 should be EOL.
2021-11-15 19:23:47 +01:00
dev-sec CI
0c840372d8 update changelog 2021-11-07 21:30:06 +00:00
schurzi
ff939a2b4c
Merge pull request #499 from darxriggs/improvement-arch-linux
Improve testing: install packages on Arch Linux
2021-11-07 22:21:58 +01:00
René Scheibe
0609cf729a Improve installing packages on Arch Linux
This prevents annoying task errors (even though they are ignored)
when testing on non-Arch distributions.

Running the "prepare" command, this was always visible:
> fatal: [instance]: FAILED! => {"changed": false, "msg": "Failed to find required executable \"pacman\" in paths: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin"}

Signed-off-by: René Scheibe <rene.scheibe@gmail.com>
2021-11-07 13:53:03 +01:00
dev-sec CI
c9c6819892 update changelog 2021-11-07 10:58:40 +00:00
René Scheibe
bbe4ce16a1
Add whitelist option for yum repository files (#487)
Files in this whitelist should not be altered.

Currently this is only relevant for enforcing the gpg check.

Signed-off-by: René Scheibe <rene.scheibe@gmail.com>
2021-11-07 11:56:59 +01:00
dev-sec CI
4eb847c90e update changelog 2021-10-28 08:33:53 +00:00
lbayerlein
1bf31a197b
disable ctrl-alt-del key combination (#496)
* new function to disable ctrl-alt-del to avoid reboot virtual machines f.e.

Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>

* fix variable documentation for ctrlaltdel

Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>

* added ctrlaltdel variable for molecule

Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>

* optimize ctrlaltdel function with a 'when' query. thanks to rndmh3ro

Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>

* fix typo in new file

Co-authored-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2021-10-28 10:31:58 +02:00
dev-sec CI
1605f304ec update changelog 2021-10-25 09:14:17 +00:00
schurzi
12c1f3dd78
Merge pull request #491 from dev-sec/recreate_tests
revive old tests with custom ssh settings
2021-10-25 11:12:10 +02:00
rndmh3ro
7f17f9b8b2 remove unused verify file
Signed-off-by: rndmh3ro <github@gumpri.ch>
2021-10-25 11:04:47 +02:00
Sebastian Gumprich
f09b2b6338
fix molecule call 2021-10-25 10:26:56 +02:00
dev-sec CI
2e5e1de407 update changelog 2021-10-24 10:41:11 +00:00
schurzi
c1974282b1
add old role names to tags in Galaxy (#495)
We deprecated our roles in Ansible Galaxy. The deprecation link contains
a search keyword with the role name, and our new collection should be
found if someone clicks this link.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-10-24 12:39:16 +02:00
dev-sec CI
09958ccb91 update changelog 2021-10-24 09:30:03 +00:00
schurzi
08b0fd14f4
Merge pull request #494 from dev-sec/sysctl-34
implement sysctl-34 - link protection settings
2021-10-24 11:21:14 +02:00
schurzi
ff37289879
Merge pull request #493 from dev-sec/rndmh3ro-patch-1
update minimum ansible version for roles
2021-10-24 11:09:37 +02:00
Sebastian Gumprich
9f372c285c
Update roles/os_hardening/defaults/main.yml
Co-authored-by: schurzi <Martin.Schurz@t-systems.com>
2021-10-24 10:59:49 +02:00
dev-sec CI
aaf6d307b8 update galaxy.yml with new version 2021-10-22 10:51:29 +00:00
dev-sec CI
3cd532fe41 update changelog 2021-10-21 07:53:07 +00:00
Claudius Heine
384c097f8a
feat(os_hardening): extend file permission tasks to cover more files (#489)
The tasks `Change shadow ownership to root and mode to 0600` and `Change
passwd ownership to root and mode to 0644` only handle
`/etc/shadow` and `/etc/passwd` respectively. But there are multiple
adjacent files that should be handled with these rules as well:

- `/etc/gshadow`
- `/etc/shadow-`
- `/etc/gshadow-`
- `/etc/group`
- `/etc/shadow-`
- `/etc/group-`

This change adds those files to the rules, so that permissions are
handled in the same way.

Closes: #488

Signed-off-by: Claudius Heine <ch@denx.de>
2021-10-21 09:51:20 +02:00
rndmh3ro
346b064682 implement sysctl-34 - link protection settings
Signed-off-by: rndmh3ro <github@gumpri.ch>
2021-10-20 20:59:49 +02:00
Sebastian Gumprich
be0d501bc8 update minimum ansible version for roles
fixes #407

Signed-off-by: rndmh3ro <github@gumpri.ch>
2021-10-20 20:42:05 +02:00
rndmh3ro
12aaa7d955 add new files to labeler config
Signed-off-by: rndmh3ro <github@gumpri.ch>
2021-10-20 15:32:45 +02:00
rndmh3ro
f32b2c2c5e fix match address test 2021-10-20 15:18:01 +02:00
rndmh3ro
3877a9bab1 fix comment
Signed-off-by: rndmh3ro <github@gumpri.ch>
2021-10-18 22:00:01 +02:00
rndmh3ro
cb7f447d9f fix comment
Signed-off-by: rndmh3ro <github@gumpri.ch>
2021-10-18 21:55:01 +02:00
rndmh3ro
55c83ac92d use second molecule scenario for custom ssh tests
Signed-off-by: rndmh3ro <github@gumpri.ch>
2021-10-18 21:49:24 +02:00
rndmh3ro
bbc827e4a1 use second molecule scenario for custom ssh tests
Signed-off-by: rndmh3ro <github@gumpri.ch>
2021-10-18 21:33:45 +02:00
dev-sec CI
999e5fa210 update changelog 2021-10-18 19:14:34 +00:00
schurzi
215c8042ad
Merge pull request #490 from dev-sec/change_baseline_urlsa
change baseline urls to full zip-url
2021-10-18 21:04:05 +02:00
rndmh3ro
940819ab84 revive old tests with custom ssh settings
Signed-off-by: rndmh3ro <github@gumpri.ch>
2021-10-18 21:01:02 +02:00
dev-sec CI
21ca7c533a update changelog 2021-10-18 18:57:06 +00:00
Sina Tak Tehrani
5debcc0c6f
fix filter error in ansible.builtin.file mode parameter (#486)
* fix filter error in ansible.builtin.file mode parameter

* Change cinc supermarket

* fix link to baseline

* fix typo

Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2021-10-18 20:55:24 +02:00
rndmh3ro
92bd94a0cf change baseline urls to full zip-url
the other urls that use git don't work anymore

Signed-off-by: rndmh3ro <github@gumpri.ch>
2021-10-18 20:28:19 +02:00
dev-sec CI
aea4499805 update galaxy.yml with new version 2021-10-15 13:46:33 +00:00
dev-sec CI
29945527b8 update changelog 2021-08-30 13:47:56 +00:00
ReinerNippes
e819f89ccb
ssh_allow_tcp_forwarding is not a boolean (#480)
Changed the comment to "Set to 'yes', 'no', 'local', 'all' or 'remote' to allow TCP Forwarding"
2021-08-30 15:46:03 +02:00
dev-sec CI
fcb7efc156 update changelog 2021-08-28 13:23:49 +00:00
Roger Meier
8fdb4e55b8
chore(ssh_hardening): set min_ansible_version to >=2.9.10 (#479) 2021-08-28 15:21:59 +02:00
rndmh3ro
8ff3d73bbf Prettified Code! 2021-08-25 10:58:16 +00:00
123quhiwiwk
062dd3f092
Use log_error/datadir from database settings instead of default variable (#478)
Signed-off-by: 123quhiwiwk <70281681+123quhiwiwk@users.noreply.github.com>
2021-08-25 12:57:46 +02:00
dev-sec CI
37cff01759 update changelog 2021-08-24 07:43:35 +00:00
123quhiwiwk
4671a32062
Execute check of error logfile permissions only when log_error is defined (#477)
Signed-off-by: 123quhiwiwk <70281681+123quhiwiwk@users.noreply.github.com>
2021-08-24 09:41:55 +02:00
dev-sec CI
78bab3f710 update changelog 2021-08-20 11:02:03 +00:00
Shawn Wilsher
3b33e0a7aa
[mysql_hardening] Setup defaults for MySQL on FreeBSD (#474)
Signed-off-by: Shawn Wilsher <656602+sdwilsh@users.noreply.github.com>
2021-08-20 13:00:12 +02:00
dev-sec CI
2ed9d8e9da update galaxy.yml with new version 2021-08-17 11:29:25 +00:00
dev-sec CI
df134e6385 update changelog 2021-08-15 20:55:27 +00:00
schurzi
d7eb00f4b7
Merge pull request #475 from dev-sec/ansible_lint
use Ansible lint in separate task
2021-08-15 22:53:41 +02:00