Martin Schurz
ba1ab8fdfc
fix release workflow
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-07-25 11:31:18 +02:00
Sebastian Gumprich
059f9fe96c
try to fix release workflow
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-07-03 15:56:05 +02:00
Sebastian Gumprich
d0d438faa4
try to fix release workflow
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-07-03 15:49:58 +02:00
Sevan
0233bfe543
Ensure that ssh is installed (#774)
Signed-off-by: Sevan Murriguian-Watrin <git@byh0ki.fr>
2024-07-02 20:41:07 +02:00
dev-sec CI
ed85a70105
update ssh_hardening readme
2024-07-02 16:20:50 +00:00
schurzi
f9c8e4b749
Merge pull request #777 from dev-sec/fix_Bsd
remove tests for FreeBSD12 since it's out of support
2024-07-02 18:18:10 +02:00
Martin Schurz
77de9435fa
remove freebsd12
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-07-02 17:31:22 +02:00
schurzi
7008a4b8ca
Merge pull request #776 from dev-sec/renovate/pin-dependencies
chore(deps): pin dependencies
2024-06-25 13:09:14 +02:00
renovate[bot]
563f1833df
chore(deps): pin dependencies
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-25 04:51:04 +00:00
schurzi
22e122ffdc
Use best-practice preset for renovate (#775)
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-06-25 06:50:36 +02:00
dev-sec CI
c068979b91
update os_hardening readme
2024-06-24 08:41:24 +00:00
dev-sec CI
b705cd95dc
update ssh_hardening readme
2024-06-24 08:41:00 +00:00
dev-sec CI
7f51a49265
update nginx_hardening readme
2024-06-24 08:40:57 +00:00
dev-sec CI
aaaedee1cd
update mysql_hardening readme
2024-06-24 08:40:50 +00:00
Sebastian Gumprich
c02b5d9c3a
add arg-spec for new variable ssh_server_service_enabled
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-06-24 10:28:53 +02:00
Sevan
b0488e86d4
ssh: explicitly enable or disable the service at boot (#771)
Signed-off-by: Sevan Murriguian-Watrin <git@byh0ki.fr>
2024-06-24 10:26:55 +02:00
Sebastian Gumprich
19ca997bd6
disable systemd socket activation (#769)
* disable systemd socket activation
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
* move start to after deactivation so it can start
---------
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-06-18 15:56:09 +02:00
dev-sec CI
8dab761c52
update changelog
2024-06-04 08:19:05 +00:00
rndmh3ro
26ecb3f5ea
Prettified Code!
2024-06-04 08:16:33 +00:00
Sebastian Gumprich
60de0ab50b
centos8 stream is eol (#770)
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-06-04 10:10:19 +02:00
dev-sec CI
265802360c
update changelog
2024-05-31 10:22:20 +00:00
dev-sec CI
b0f968af21
update nginx_hardening readme
2024-05-31 10:21:00 +00:00
Sebastian Gumprich
85aa1b22b3
do not force type of ssh_gateway_ports (#765)
* do not force type of gatewayports-var
this way it can be a bool or a string. we also now test for it
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
* replace yum with dnf
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
---------
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-05-31 12:20:00 +02:00
dev-sec CI
4af40129c6
update ssh_hardening readme
2024-05-31 09:42:36 +00:00
dev-sec CI
eb972f63f7
update os_hardening readme
2024-05-31 09:42:33 +00:00
dev-sec CI
b6be42c3a0
update mysql_hardening readme
2024-05-31 09:42:13 +00:00
Sebastian Gumprich
296f46cc80
centos7 is eol, remove it (#767)
* centos7 is eol, remove it
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
* change workflow to update readmes when meta/main.yml is changed
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
* remove mention of centos 7 from readme
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
---------
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-05-31 11:25:01 +02:00
dev-sec CI
541c2df1ab
update changelog
2024-05-31 09:07:00 +00:00
schurzi
2959a584a8
Merge pull request #766 from dev-sec/codespell
fix spelling
2024-05-31 10:55:45 +02:00
Sebastian Gumprich
346ead4455
fix spelling
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-05-30 15:07:27 +02:00
Sebastian Gumprich
f3a1fcc16a
fix spelling
Signed-off-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-05-30 15:01:33 +02:00
dev-sec CI
4cb67edbe5
update changelog
2024-05-09 10:33:43 +00:00
schurzi
4f66ec4c26
Merge pull request #760 from siemens/ci/permissions
ci: define permissions for enforce-labels workflow
2024-05-09 12:31:28 +02:00
Florian Greinacher
16e86125e9
ci: define permissions for enforce-labels workflow
Explicitly stating required permissions is considered best practice.
This case was detected by Poutine, see
https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/default_permissions_on_risky_events.md.
Signed-off-by: Florian Greinacher <florian@greinacher.de>
2024-05-06 06:40:19 +00:00
dev-sec CI
db2bfc91da
update changelog
2024-03-25 22:03:51 +00:00
renovate[bot]
eb57ed4eaa
Update dependency ansible-core to v2.16.5
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-25 22:02:32 +00:00
dev-sec CI
69cd800387
update changelog
2024-03-20 12:26:01 +00:00
debbabi
00443de508
add ssh_pubkey_authentication variable (#749)
Signed-off-by: debbabi <dbassem@gmail.com>
2024-03-20 13:24:27 +01:00
dev-sec CI
b35b82108b
update changelog
2024-02-27 01:20:42 +00:00
renovate[bot]
95aab25520
Update dependency ansible-core to v2.16.4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-27 01:19:31 +00:00
dev-sec CI
bdf6d65cfd
update changelog
2024-02-07 20:34:15 +00:00
renovate[bot]
0740ebf041
Update ansible/ansible-lint action to v24 (#745)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-07 21:32:14 +01:00
dev-sec CI
a301b1c905
update changelog
2024-02-05 09:07:24 +00:00
schurzi
02ad7664ea
Merge pull request #744 from dev-sec/fix_openbsd
Always update Vagrant Boxes before using
2024-02-05 10:05:06 +01:00
Martin Schurz
b0dff13204
add comment
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-02-05 10:04:51 +01:00
Martin Schurz
bb9358e2fb
free space on /boot
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-02-05 07:20:27 +01:00
Martin Schurz
3ba52e59e2
remove update tasks, since we use updated images
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-02-05 01:19:34 +01:00
Martin Schurz
e54c541d3b
add more excluded packages
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-02-04 23:34:53 +01:00
Martin Schurz
a0abefbc29
use loop for package names
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-02-04 21:50:41 +01:00
Martin Schurz
898bf73178
Block kernel update
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2024-02-04 20:41:51 +01:00