Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-09-20 21:21:54 +00:00
Code Issues Projects Releases Packages Wiki Activity
1681 commits 12 branches 56 tags 3.7 MiB
Commit graph

1681 commits

This branch
This branch
All branches
Author SHA1 Message Date
Martin Schurz
0ac56e4c00 Merge branch 'master' into pwhistory 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-03-23 08:53:23 +01:00
dev-sec CI
05bc809ba3 update changelog 2021-03-23 07:42:42 +00:00
schurzi
5be13e878f
Merge pull request #430 from joubbi/comment 
Remove comments from PAM config file, but keep it in the template
 2021-03-23 08:40:20 +01:00
Farid Joubbi
659e5ada6a Changed to pam_pwhistory.so instead of pam_unix.so for remembering old passwords. 
Signed-off-by: Farid Joubbi <farid@joubbi.se>
 2021-03-22 22:28:25 +01:00
Farid Joubbi
0010715039 Remove comment from output file, but keep it in the template. 
Signed-off-by: Farid Joubbi <farid@joubbi.se>
 2021-03-22 19:39:49 +01:00
dev-sec CI
a23eb05001 update changelog 2021-03-22 11:52:11 +00:00
schurzi
69193fe249
Merge pull request #428 from dev-sec/harden_user_home_dires 
Harden user home dirs
 2021-03-22 12:49:48 +01:00
rndmh3ro
369c2986c6 Prettified Code! 2021-03-22 10:23:03 +00:00
Sebastian Gumprich
02c689eaa0 fix loop for home_directories 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2021-03-22 11:18:51 +01:00
Sebastian Gumprich
bf82736787 Update roles/os_hardening/tasks/user_accounts.yml 
Co-authored-by: schurzi <Martin.Schurz@t-systems.com>
 2021-03-22 11:18:51 +01:00
Sebastian Gumprich
c86bdcb4c7 linting 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2021-03-22 11:18:51 +01:00
Sebastian Gumprich
b5ca78a9cd chmod /home directories to 0700 
This is based on https://github.com/dev-sec/ansible-collection-hardening/pull/277
and updated to work with the new collection.

Thanks to @aardbol for this initial implementation!

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2021-03-22 11:18:51 +01:00
dev-sec CI
36bc71fe51 update changelog 2021-03-21 12:20:51 +00:00
schurzi
876cdab430
Merge pull request #429 from dev-sec/proxy 
add support for using a proxy to test with molecule
 2021-03-21 13:18:03 +01:00
Sebastian Gumprich
6c805f6ca9 add support for using a proxy to test with molecule 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2021-03-19 15:52:19 +01:00
Sebastian Gumprich
8cb6732882 add support for using a proxy to test with molecule 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2021-03-19 15:45:06 +01:00
Sebastian Gumprich
390f7ad6cc fix linting 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2021-03-19 14:46:42 +01:00
Felix Herzog
eca93cc80b add restart-auditd handler as after configuration change (e.g. of os_auditd_max_log_file_action) you need to restart. Sadly on rhel7 systems you cannot use systemd. And as debian derivates use service as alias and it works I kept it that simple. also adding 'auditd'-tag to make it easy only run that config change if needed. 
Signed-off-by: Felix Herzog <snoopotic@gmail.com>
 2021-03-19 14:42:31 +01:00
dev-sec CI
9614273653 update changelog 2021-03-16 14:52:14 +00:00
schurzi
a64838272c
Merge pull request #418 from joubbi/documentation2 
Improve Documentation for sysctl defaults
 2021-03-16 15:49:55 +01:00
dev-sec CI
2076990d5d update galaxy.yml with new version 2021-03-16 10:40:04 +00:00
dev-sec CI
3da5b759a2 update changelog 2021-03-16 10:28:41 +00:00
schurzi
8706246309
Merge pull request #421 from schurzi/imprel 
Improve Release Action
 2021-03-16 11:26:21 +01:00
Martin Schurz
cd4925d411 checkout master between 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-03-16 11:07:21 +01:00
Martin Schurz
d1b8e7d7a3 update paths 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-03-16 11:00:40 +01:00
Martin Schurz
19d5a17a99 remove second call to changelog generator 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-03-16 10:56:17 +01:00
dev-sec CI
5cc8b2f42a update changelog 2021-03-16 09:26:22 +00:00
schurzi
976f83e88b
Merge pull request #420 from dev-sec/fqcn_docs 
remove FQCN from roles in examples
 2021-03-16 10:14:03 +01:00
dev-sec CI
6c870aae27 update changelog 2021-03-15 23:12:58 +00:00
schurzi
74c729404b
Merge pull request #392 from dev-sec/tally 
restructure PAM handling and update for currently supported Linux distributions
 2021-03-16 00:10:36 +01:00
Martin Schurz
b2dd73d27e remove unneeded tasks 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-03-15 23:53:40 +01:00
Martin Schurz
ec9d7d2cb8 cleanup and typos 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-03-15 23:39:12 +01:00
Farid Joubbi
97c55d6e55 Documented rationale for sysctl values set. 
Signed-off-by: Farid Joubbi <farid@joubbi.se>
 2021-03-15 14:01:19 +01:00
Martin Schurz
5f97dffddf Merge branch 'master' into tally 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-03-11 19:26:37 +01:00
dev-sec CI
eeedaeaffb update changelog 2021-03-11 16:46:51 +00:00
schurzi
0b945536e2
Merge pull request #405 from joubbi/crontab 
Ensure permissions on cron files and directories are configured
 2021-03-11 17:44:26 +01:00
schurzi
103135ce9a fix task naming 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-03-11 17:21:32 +01:00
Farid Joubbi
4158e0bfb4 Created a list of files/dirs to be looped instead of two tasks per file/dir. 
Signed-off-by: Farid Joubbi <farid@joubbi.se>
 2021-03-11 16:54:25 +01:00
dev-sec CI
fed8bdabd7 update changelog 2021-02-25 07:00:24 +00:00
Sebastian Gumprich
f9bbdb20fe
add install instructions 2021-02-25 07:57:55 +01:00
Farid Joubbi
4bad4779cd Fixed copy-paste error by doing og-rwx instead of numerical. 
Signed-off-by: Farid Joubbi <farid@joubbi.se>
 2021-02-22 22:13:18 +01:00
Martin Schurz
75fc31b80c remove cracklib 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-02-22 19:10:45 +01:00
Martin Schurz
10841ced62 case sensitive 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-02-22 18:29:55 +01:00
Martin Schurz
335df545fb correct version 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-02-22 18:15:33 +01:00
Martin Schurz
6d2c92d4ab correct locale 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-02-22 18:14:59 +01:00
Martin Schurz
3334000b97 set locale for test 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-02-22 17:45:46 +01:00
Martin Schurz
26d84b5f84 use custom /tmp dir 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-02-22 16:46:41 +01:00
Martin Schurz
9b6f313065 move pam tests up 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-02-22 15:54:03 +01:00
Martin Schurz
23071a183c add testcases for PAM 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-02-22 15:42:13 +01:00
dev-sec CI
66009496e2 update changelog 2021-02-22 09:24:50 +00:00