Martin Schurz
|
0ac56e4c00
|
Merge branch 'master' into pwhistory
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-03-23 08:53:23 +01:00 |
|
dev-sec CI
|
05bc809ba3
|
update changelog
|
2021-03-23 07:42:42 +00:00 |
|
schurzi
|
5be13e878f
|
Merge pull request #430 from joubbi/comment
Remove comments from PAM config file, but keep it in the template
|
2021-03-23 08:40:20 +01:00 |
|
Farid Joubbi
|
659e5ada6a
|
Changed to pam_pwhistory.so instead of pam_unix.so for remembering old passwords.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
|
2021-03-22 22:28:25 +01:00 |
|
Farid Joubbi
|
0010715039
|
Remove comment from output file, but keep it in the template.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
|
2021-03-22 19:39:49 +01:00 |
|
dev-sec CI
|
a23eb05001
|
update changelog
|
2021-03-22 11:52:11 +00:00 |
|
schurzi
|
69193fe249
|
Merge pull request #428 from dev-sec/harden_user_home_dires
Harden user home dirs
|
2021-03-22 12:49:48 +01:00 |
|
rndmh3ro
|
369c2986c6
|
Prettified Code!
|
2021-03-22 10:23:03 +00:00 |
|
Sebastian Gumprich
|
02c689eaa0
|
fix loop for home_directories
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
|
2021-03-22 11:18:51 +01:00 |
|
Sebastian Gumprich
|
bf82736787
|
Update roles/os_hardening/tasks/user_accounts.yml
Co-authored-by: schurzi <Martin.Schurz@t-systems.com>
|
2021-03-22 11:18:51 +01:00 |
|
Sebastian Gumprich
|
c86bdcb4c7
|
linting
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
|
2021-03-22 11:18:51 +01:00 |
|
Sebastian Gumprich
|
b5ca78a9cd
|
chmod /home directories to 0700
This is based on https://github.com/dev-sec/ansible-collection-hardening/pull/277
and updated to work with the new collection.
Thanks to @aardbol for this initial implementation!
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
|
2021-03-22 11:18:51 +01:00 |
|
dev-sec CI
|
36bc71fe51
|
update changelog
|
2021-03-21 12:20:51 +00:00 |
|
schurzi
|
876cdab430
|
Merge pull request #429 from dev-sec/proxy
add support for using a proxy to test with molecule
|
2021-03-21 13:18:03 +01:00 |
|
Sebastian Gumprich
|
6c805f6ca9
|
add support for using a proxy to test with molecule
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
|
2021-03-19 15:52:19 +01:00 |
|
Sebastian Gumprich
|
8cb6732882
|
add support for using a proxy to test with molecule
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
|
2021-03-19 15:45:06 +01:00 |
|
Sebastian Gumprich
|
390f7ad6cc
|
fix linting
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
|
2021-03-19 14:46:42 +01:00 |
|
Felix Herzog
|
eca93cc80b
|
add restart-auditd handler, as after a configuration change (e.g. of os_auditd_max_log_file_action) you need to restart. Sadly, on RHEL7 systems you cannot use systemd. And as Debian derivatives use service as an alias and it works, I kept it that simple. Also adding 'auditd' tag to make it easy to only run that config change if needed.
Signed-off-by: Felix Herzog <snoopotic@gmail.com>
|
2021-03-19 14:42:31 +01:00 |
|
dev-sec CI
|
9614273653
|
update changelog
|
2021-03-16 14:52:14 +00:00 |
|
schurzi
|
a64838272c
|
Merge pull request #418 from joubbi/documentation2
Improve Documentation for sysctl defaults
|
2021-03-16 15:49:55 +01:00 |
|
dev-sec CI
|
2076990d5d
|
update galaxy.yml with new version
|
2021-03-16 10:40:04 +00:00 |
|
dev-sec CI
|
3da5b759a2
|
update changelog
|
2021-03-16 10:28:41 +00:00 |
|
schurzi
|
8706246309
|
Merge pull request #421 from schurzi/imprel
Improve Release Action
|
2021-03-16 11:26:21 +01:00 |
|
Martin Schurz
|
cd4925d411
|
checkout master between
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-03-16 11:07:21 +01:00 |
|
Martin Schurz
|
d1b8e7d7a3
|
update paths
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-03-16 11:00:40 +01:00 |
|
Martin Schurz
|
19d5a17a99
|
remove second call to changelog generator
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-03-16 10:56:17 +01:00 |
|
dev-sec CI
|
5cc8b2f42a
|
update changelog
|
2021-03-16 09:26:22 +00:00 |
|
schurzi
|
976f83e88b
|
Merge pull request #420 from dev-sec/fqcn_docs
remove FQCN from roles in examples
|
2021-03-16 10:14:03 +01:00 |
|
dev-sec CI
|
6c870aae27
|
update changelog
|
2021-03-15 23:12:58 +00:00 |
|
schurzi
|
74c729404b
|
Merge pull request #392 from dev-sec/tally
restructure PAM handling and update for currently supported Linux distributions
|
2021-03-16 00:10:36 +01:00 |
|
Martin Schurz
|
b2dd73d27e
|
remove unneeded tasks
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-03-15 23:53:40 +01:00 |
|
Martin Schurz
|
ec9d7d2cb8
|
cleanup and typos
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-03-15 23:39:12 +01:00 |
|
Farid Joubbi
|
97c55d6e55
|
Documented rationale for sysctl values set.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
|
2021-03-15 14:01:19 +01:00 |
|
Martin Schurz
|
5f97dffddf
|
Merge branch 'master' into tally
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-03-11 19:26:37 +01:00 |
|
dev-sec CI
|
eeedaeaffb
|
update changelog
|
2021-03-11 16:46:51 +00:00 |
|
schurzi
|
0b945536e2
|
Merge pull request #405 from joubbi/crontab
Ensure permissions on cron files and directories are configured
|
2021-03-11 17:44:26 +01:00 |
|
schurzi
|
103135ce9a
|
fix task naming
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-03-11 17:21:32 +01:00 |
|
Farid Joubbi
|
4158e0bfb4
|
Created a list of files/dirs to be looped instead of two tasks per file/dir.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
|
2021-03-11 16:54:25 +01:00 |
|
dev-sec CI
|
fed8bdabd7
|
update changelog
|
2021-02-25 07:00:24 +00:00 |
|
Sebastian Gumprich
|
f9bbdb20fe
|
add install instructions
|
2021-02-25 07:57:55 +01:00 |
|
Farid Joubbi
|
4bad4779cd
|
Fixed copy-paste error by doing og-rwx instead of numerical.
Signed-off-by: Farid Joubbi <farid@joubbi.se>
|
2021-02-22 22:13:18 +01:00 |
|
Martin Schurz
|
75fc31b80c
|
remove cracklib
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-02-22 19:10:45 +01:00 |
|
Martin Schurz
|
10841ced62
|
case sensitive
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-02-22 18:29:55 +01:00 |
|
Martin Schurz
|
335df545fb
|
correct version
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-02-22 18:15:33 +01:00 |
|
Martin Schurz
|
6d2c92d4ab
|
correct locale
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-02-22 18:14:59 +01:00 |
|
Martin Schurz
|
3334000b97
|
set locale for test
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-02-22 17:45:46 +01:00 |
|
Martin Schurz
|
26d84b5f84
|
use custom /tmp dir
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-02-22 16:46:41 +01:00 |
|
Martin Schurz
|
9b6f313065
|
move pam tests up
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-02-22 15:54:03 +01:00 |
|
Martin Schurz
|
23071a183c
|
add testcases for PAM
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
|
2021-02-22 15:42:13 +01:00 |
|
dev-sec CI
|
66009496e2
|
update changelog
|
2021-02-22 09:24:50 +00:00 |
|