* first testing with tasks and variables
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* update variables for dir options
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* updated permissions and defaults
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* fix home dir permissions
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* updated tasks with useful variables
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* reorder tasks. first remount, then manage fstab and fix permissions on directories. Renaming task names with mountpoints (slashes)
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* shorten tasks with list items
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* change defaults for /boot directory, because its a bad behaviour, if ansible changes boot entries with a default value
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* Update documentation for new parameters to manage mountpoints
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* Update roles/os_hardening/tasks/minimize_access.yml
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* Update roles/os_hardening/tasks/minimize_access.yml
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* Fix state on every new task
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* loop instead of list
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* testing remount with register
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* add remounts with loop over all changed folders
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* testing and solving trouble with variable names
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* optimize default permissions for var-log-audit
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* optimize default permissions for var-log-audit
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* change to new optimizied permissions of var-log-audit
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* fix some defaults in fstab to configure as mounted
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
* add stat and check, if boot folder exists
Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
Co-authored-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com>
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
there was a new feature introduced to git, that prevents some of our
actions to run. The updated action handles this properly.
https://github.com/actions/checkout/issues/760
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
while this could be better solved by checking what nginx version is used, debian9 is eol'd in 4 months. if there will be again a need to check for nginx versions, we'll add it then
Signed-off-by: rndmh3ro <github@gumpri.ch>