Commit graph

285 commits

Author SHA1 Message Date
Martin Schurz
157f4fca70 add tasks for faillock on debian
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 21:43:30 +01:00
Sebastian Gumprich
6be31fbc3b
do not install mysql python package on target host (#401)
this package has to be installed on the host that executes the task

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-02-10 15:57:51 +01:00
Sebastian Gumprich
756839f8f0
make wrong password fail task (#400)
* make wrong password fail task

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* add name to fail task

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-02-10 15:55:08 +01:00
Sebastian Gumprich
c55c1f21ed
add restart handler variable for mysql role (#399)
* add restart handler variable for mysql role

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* add prettierignore file to ignore CHANGELOG

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-02-10 15:54:57 +01:00
schurzi
a98876b350
update ansible-lint to version 5 (#397)
* add ansible to requirements

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* trigger run

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* update noqa for ansible-lint 5

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 13:47:01 +01:00
Martin Schurz
94b9bfc3cd add files for faillock
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 12:49:12 +01:00
Norman Ziegner
f035053381
Only set default for ssh host key files when hardening the server (#393)
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
2021-02-09 10:01:41 +01:00
Norman Ziegner
614662b99d
Add variable to specify host rsa key size (#394)
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
2021-02-09 09:44:55 +01:00
Martin Schurz
3ad4fbab0e add guard for tally debian unstable
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-08 11:18:50 +01:00
Martin Schurz
ebbf6855e8 add rhel faillock config
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-08 10:51:16 +01:00
Martin Schurz
b210df1233 re-add debian tally config
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-08 10:51:03 +01:00
Martin Schurz
a55a4d2024 remove pam_tally2
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-08 08:09:43 +01:00
schurzi
4b0819349d
use fqcn for community.crypto.openssh_keypair module (#389)
this fixes a problem with Ansible 2.9 where the default openssh_keypair
is not supporting every option we need

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-05 19:44:23 +01:00
Maximilian Praeger
4399d3f885 removed: unnecessary conditional
Signed-off-by: Maximilian Praeger <mpraeger@users.noreply.github.com>
2021-01-22 07:24:54 +01:00
Maximilian Praeger
6b55b9619c added: comment for HostCertificate
Signed-off-by: Maximilian Praeger <mpraeger@users.noreply.github.com>
2021-01-22 07:24:54 +01:00
Maximilian Praeger
8f7bae533c fixed: add empty line after HostCertificate loop
Signed-off-by: Maximilian Praeger <mpraeger@users.noreply.github.com>
2021-01-22 07:24:54 +01:00
Maximilian Praeger
9853c7ea45 added: defaults for ssh_host_certificates
Signed-off-by: Maximilian Praeger <mpraeger@users.noreply.github.com>
2021-01-22 07:24:54 +01:00
Maximilian Praeger
6e9247bde3 added: support for HostCertificate in sshd conf file
Signed-off-by: Maximilian Praeger <mpraeger@users.noreply.github.com>
2021-01-22 07:24:53 +01:00
Sina Tak Tehrani
ef31838fa2
Regenerate RSA key with size 4096 bits (#376)
* regenerate RSA key with size 4096 bits

Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>

* fixed lint problem

Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>

* fixed E301 lint error

Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>

* added host keys related vars

Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>

* used openssh_keypair module

Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>

* changed RSA private key mode to 0640

Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>

* specified condition to prevent wrong file mode on debian-based OS

Signed-off-by: Sina Tak Tehrani <ssttehrani@gmail.com>
2021-01-21 13:38:48 +01:00
Martin Schurz
0600cdae75 add "role" to comment
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-01-20 11:23:40 +01:00
Farid Joubbi
254b62d980 Added comment on top of template about which role modified the resulting file. https://github.com/dev-sec/ansible-collection-hardening/issues/345
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-01-19 14:05:33 +01:00
Farid Joubbi
d01abb44c0
Syncookie (#372)
* Enabled SYN cookie sysctl.

Signed-off-by: Farid Joubbi <farid@joubbi.se>

* Removed SYN cookies from here since it's a default now.

Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-01-15 09:56:29 +01:00
schurzi
16a41412bb
check for correct cpu vendor in initramfs-tools (#374)
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-01-12 06:31:13 +01:00
schurzi
d83ad9e6a9
Merge pull request #368 from dev-sec/max_startups
reduce maximum unauthenticated ssh sessions
2021-01-11 20:49:29 +01:00
Farid Joubbi
5675589e01
Sorted sysctl values and lists in READMEs alphabetically (No functional changes). (#371)
* Add s's for consistency.

Signed-off-by: Farid Joubbi <farid@joubbi.se>

* Sort lists alphabetically.

Signed-off-by: Farid Joubbi <farid@joubbi.se>

* Sorted sysctl_config alphabetically.

Signed-off-by: Farid Joubbi <farid@joubbi.se>

* Sort removed protocols.

Signed-off-by: Farid Joubbi <farid@joubbi.se>

* Added dots in variable descriptions for the sake of consistency.

Signed-off-by: Farid Joubbi <farid@joubbi.se>

* Added dots in variable descriptions for the sake of consistency.

Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-01-08 20:45:50 +01:00
tgueldner-mms
e8e552f3ae
make auditd 'max_log_file' configurable (#370)
* make auditd 'max_log_file' configurable

Signed-off-by: Thomas Gueldner <T.Gueldner@t-systems.com>

* fix documentation for os_auditd_max_log_file

Signed-off-by: Thomas Gueldner <T.Gueldner@t-systems.com>
2021-01-08 13:23:58 +01:00
schurzi
b4ca950122
set hidepid=0 on RHEL/CentOS 7 (#369)
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-01-03 12:53:08 +01:00
Martin Schurz
168af7fb6f reduce maximum unauthenticated ssh sessions
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-01-03 00:21:26 +01:00
schurzi
a75e2c028b
change inclusion of os specific defaults (#353)
* change inclusion of os specific defaults

we now include the os specific options into a separate variable and
merge this with the default ansible namespace, when the corresponding
keys do not already exist (e.g. are defined by default or by user)

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* simplify check for os specific variables

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* add test for variable override

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* move tests to verify stage

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* correct grep

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* linting

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* fix typo

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* Revert "Merge pull request #351 from sprat/fix-umask"

This reverts commit 9e8e0bc8fb, reversing
changes made to 98c7553016.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* move immutable ssh vars to internal vars

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* move vars to OS files

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* change default handling for all roles

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* fix issues

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* add documentation

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* Update main.yml

Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2020-12-20 20:46:57 +01:00
Farid Joubbi
83e29b01f5
Removed Protocol statement in later versions of sshd, since the code … (#342)
* Removed Protocol statement in later versions of sshd, since the code for SSH-1 has been removed in sshd.

Signed-off-by: Farid Joubbi <farid@joubbi.se>

* Prettified the generated ssh_config. No functional changes, removed spaces and orphan comments.

Signed-off-by: Farid Joubbi <farid@joubbi.se>

* Removed Protocol statement in later versions of sshd, since the code for SSH-1 has been removed in sshd.

Signed-off-by: Farid Joubbi <farid@joubbi.se>

* Removed blank lines and prettified ssh_config.

Signed-off-by: Farid Joubbi <farid@joubbi.se>

* Added note about setting sshd_authenticationmethods if ssh_server_password_login.

Signed-off-by: Farid Joubbi <farid@joubbi.se>

* Backticked true.

Signed-off-by: Farid Joubbi <farid@joubbi.se>
2020-12-16 19:29:33 +01:00
Sylvain Prat
43ec139d24
Fix #348: make ssh configuration files paths configurable (#350)
Signed-off-by: Sylvain Prat <sylvain.prat@gmail.com>
2020-12-16 19:24:44 +01:00
Sylvain Prat
ea471b38b7 Fix #344: make the os_env_umask variable usable again
Signed-off-by: Sylvain Prat <sylvain.prat@gmail.com>
2020-12-15 21:31:51 +01:00
Farid Joubbi
91424ac209
Improvements of comments in opensshd.conf.j2 #338 (#339)
* Fixed some comments that had issues. See #338

* Cut some long comments into two rows for easier reading.

Signed-off-by: joubbi <farid@joubbi.se>
2020-12-12 20:35:38 +01:00
szEvEz
13b09a0f23
Improve README for ssh_hardening (#335)
Signed-off-by: szEvEz <szivos.john@gmail.com>
2020-11-24 12:29:46 +01:00
Sebastian Gumprich
f2804c7c19 Merge branch 'master' into collection 2020-11-11 21:08:54 +01:00
Sebastian Gumprich
d857830979 minor readme fixes
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
2020-11-09 20:49:07 +01:00
rndmh3ro
c94d973527 Prettified Code! 2020-11-08 10:20:25 +00:00
Sebastian Gumprich
c8ada5c13c Merge branch 'migrate_os' into collection 2020-11-08 11:18:38 +01:00
Sebastian Gumprich
dd3959276b merge os-hardening role into collection 2020-11-07 22:09:28 +01:00
Sebastian Gumprich
598f7183f8 remove os submodule 2020-11-07 21:49:25 +01:00
Sebastian Gumprich
66e88a34d1 Merge branch 'migrate_mysql' into collection 2020-11-07 21:48:11 +01:00
Sebastian Gumprich
a10e4d7c1a merge mysql-hardening role into collection 2020-11-07 21:48:10 +01:00
Sebastian Gumprich
51a7fed83d remove mysql submodule 2020-11-07 21:48:06 +01:00
Sebastian Gumprich
cc48e4761a Merge branch 'migrate_nginx' into collection 2020-11-07 21:47:46 +01:00
Sebastian Gumprich
e406349064 merge nginx-hardening role into collection 2020-11-07 21:47:45 +01:00
Sebastian Gumprich
5aa3701de9 remove nginx submodule 2020-11-07 21:47:43 +01:00
Sebastian Gumprich
d49e05f8e8 Merge branch 'migrate_ssh' into collection 2020-11-07 21:46:48 +01:00
Sebastian Gumprich
a46642ee92 merge ssh-hardening role into collection 2020-11-07 21:46:45 +01:00
Sebastian Gumprich
4e322edc62 remove ssh submodule 2020-11-07 21:46:32 +01:00
Sebastian Gumprich
ac3c12d264 move to collections 2020-11-07 21:19:43 +01:00
Sebastian Gumprich
877449997f New role layout. Fix #6 2016-01-08 17:00:57 +01:00
Sebastian Gumprich
ea213d636c Change directory structure. Fix #43 2015-10-27 20:41:36 +01:00
Sebastian Gumprich
7eb8b4f3d3 Change directory layout. fix #48
This change gets rid of the separate role dir
and puts everything into the root-directory, making
it possible to install the role via ansible galaxy.
2015-10-21 20:52:46 +02:00
fitz123
c49d519b1f sftp_enable option 2015-10-21 22:28:01 +07:00
Florian Heinle
e21e62a0dc fix mysql restart not happening because of missing os specific variable 2015-10-17 18:30:56 +02:00
Florian Heinle
a5d342a01a Allow whitelisted groups on ssh
Setting ssh_allow_groups does not work when set since the corresponding if-check tests for the wrong variable
2015-10-16 19:40:28 +02:00
fitz123
519160b8e7 remove duplicate "update pam" task 2015-10-13 15:37:45 +07:00
fitz123
78fb438a10 Fix stuck in case pam files were updated before by force update 2015-09-30 22:11:37 +07:00
fitz123
893b39181e bugfix. Now option true for PrintLastLog is available again 2015-09-28 06:24:13 +07:00
fitz123
b013986f61 Fix passwdqc default options 2015-09-24 02:51:56 +07:00
fitz123
afa3be1e6a Fix nologin shell path for Oracle and RedHat 2015-09-24 02:16:51 +07:00
fitz123
c5307b36f0 Fix nologin shell path 2015-09-24 00:56:09 +07:00
Christoph Hartmann
9a3af69485 Merge pull request #35 from hardening-io/pam_selinux
Support for selinux and pam. fix #23
2015-09-22 19:58:58 +02:00
Sebastian Gumprich
d3e01b75d6 Change variable for hmac from server to client
in the openssh client configuration a server variable was used.
2015-08-31 21:10:00 +02:00
Sebastian Gumprich
7b5fa53f3a Update kitchen-ansible, remove separate debian install
Due to the new kitchen-ansible version it is now
possible to install ansible on all major OS's via an
ansible omnibus script which is provided by
kitchen ansible. There's no more need to separate
the debian tests.

Also removed whitespace.
2015-08-29 14:13:17 +02:00
Sebastian Gumprich
adc8462838 Revamp conditionals again 2015-08-17 15:31:45 +00:00
Sebastian Gumprich
7b934e415c Add another conditional 2015-08-17 17:16:17 +00:00
Sebastian Gumprich
b17bd65870 Add more conditionals 2015-08-17 17:08:16 +00:00
Sebastian Gumprich
9560f33329 Change last task again 2015-08-17 17:04:47 +00:00
Sebastian Gumprich
be38ac75f4 Add selinux-check 2015-08-16 20:37:33 +00:00
Sebastian Gumprich
1ff939db76 Use correct variable and change travis-test 2015-08-14 17:44:12 +00:00
Sebastian Gumprich
a1a439d38e Add mode to su-binary task. Fix #38 2015-08-13 21:02:57 +00:00
Sebastian Gumprich
c4482cb12e Support for selinux and pam. fix #23
This change adds the following:

- it checks whether selinux is in "Enforcing" mode
- when selinux is enforcing, it copies a new selinux-policy to the host
- this policy allows sshd to read the shadow-file directly, which is forbidden by selinux otherwise
- the policy is then compiled, a package is created and the policy is installed
- when selinux is enforcing, pam is used and the policy is not disabled, it gets removed,
  because it's considered a security risk. see here: http://danwalsh.livejournal.com/12333.html
2015-08-10 21:45:15 +00:00
Sebastian Gumprich
ef8c4ada2f Separate ssh client and server ports. Fix #33
This PR separates the ssh_ports variable into two separate
variables for the ssh-client and ssh-server.
2015-08-09 11:16:34 +00:00
Christoph Hartmann
950210348f Merge pull request #31 from hardening-io/max_auth_tries
Make MaxAuthTries configurable
2015-08-06 23:39:14 -07:00
Sebastian Gumprich
2bc353b7a9 Make MaxAuthTries configurable 2015-08-06 14:20:32 +00:00
Sebastian Gumprich
9befb22e13 Change oneliner if-statements to be more readable 2015-08-06 14:00:14 +00:00
Sebastian Gumprich
df8b205a8f Change oneliner if-statements to be more readable 2015-08-06 13:53:33 +00:00
Robin Schneider
10f6544f3c
Make ssh client password login configurable.
Defaults to not allow which might be a bit restrictive.
2015-08-04 15:17:50 +02:00
Sebastian Gumprich
60e898098d Fix join-filter, jinja-cases, spelling, whitespace
- the join filter is replaced by '+'
- the if-cases for rhel-based OS'es are simplified
- indentation of complex if-cases
2015-07-29 20:52:53 +00:00
Sebastian Gumprich
bda8d52083 Merge pull request #26 from ypid/role-review
Fixed role's join-filter, jinja-cases, spelling, whitespace
2015-07-29 13:27:46 +00:00
Robin Schneider
a2f4542a48
Short role review. Fixed role when ssh_client_weak_kex == true.
* This role uses the Jinja2 `join` filter quite creatively, please fix this. This patch fixes one instance.
* Make full use of Jinja2 features. E.g. use `if ansible_os_family in ['Oracle Linux', 'RedHat']` for example. This patch fixes one instance.
* Fixed spelling.
* Removed whitespace.
2015-07-28 21:21:32 +02:00
Robin Schneider
a8f991bc07
Make it configurable to only harden ssh client/server or both (default). 2015-07-28 20:42:14 +02:00
Sebastian Gumprich
a2c483ace8 Separate system-vars from editable vars.
This change moves variables that can be changed or overridden by the user to the defaults-vars-files, where they belong.
2015-07-28 18:07:34 +00:00
Sebastian Gumprich
48fc334f71 Separate system-vars from editable vars
This change moves variables that can be changed or overridden by the user to the defaults-vars-files, where they belong.
2015-07-27 21:04:38 +00:00
Sebastian Gumprich
a1425befeb Separate system-vars from editable vars. Fix #34 2015-07-27 20:47:23 +00:00
Sebastian Gumprich
daf8e4c45b Add documentation for testing, change value in vars 2015-07-18 20:57:58 +00:00
Sebastian Gumprich
b3af021cd9 Create limits.d-directory if it does not exist.
See [here](https://github.com/hardening-io/chef-os-hardening/issues/84).
2015-07-13 18:18:13 +00:00
Sebastian Gumprich
dab153eb56 INITIAL 2015-07-02 18:32:22 +00:00
Christoph Hartmann
75dbf1cae6 Merge pull request #30 from hardening-io/CL_RM_TODO
Update readme, todo, changelog, vars
2015-06-24 06:40:28 -07:00
Sebastian Gumprich
348fb1cc53 Change var to true to remove pkgs by default 2015-06-24 10:21:13 +00:00
Sebastian Gumprich
5e1e2513c5 Update readme, todo, changelog, vars
* This commit updates the readme in several ways.
* It adds a todo-list and a changelog.
* It deletes unused variables
2015-06-23 23:58:40 +02:00
Sebastian Gumprich
c8d9ac84ef Add module configuration 2015-06-23 23:58:12 +02:00
Christoph Hartmann
ac4754ff16 Merge pull request #29 from hardening-io/suid_fix
List-cleanup and follow symlinks added
2015-06-23 14:57:25 -07:00
Sebastian Gumprich
f6cf4fcdf5 Fix another sysctl-setting due to new tests 2015-06-23 23:51:18 +02:00
Sebastian Gumprich
8ba37823f9 Fix two sysctl-settings 2015-06-23 23:51:18 +02:00
Sebastian Gumprich
88f4f17786 Added condition to suid/sgid-execution 2015-06-23 17:49:37 +00:00
Sebastian Gumprich
46b50769aa List-cleanup and follow symlinks added
- This change alters the black- and white-listed list for
suid/sgid-management to be a proper yaml-formatted list.

- Furthermore "follow symlinks" was added to the tasks
that remove suid/sgid because otherwise the suid/sgid
from the link-targets would not be removed.
2015-06-23 11:01:00 +00:00
Christoph Hartmann
10267eb509 Merge pull request #23 from hardening-io/remove_authconfig
Delete authconfig-task on rhel-systems
2015-06-20 02:01:39 -07:00
Sebastian Gumprich
a345da0023 Delete authconfig-task on rhel-systems
The authconfig-task overrides changes we later do on files, so this
task is not necessary and causes some tasks to always change files
2015-06-19 11:51:23 +02:00
Sebastian Gumprich
e4c6436163 Add missing rhosts-include task 2015-06-19 11:51:09 +02:00
Christoph Hartmann
71c7042163 Merge pull request #24 from hardening-io/result_override
Use changed_when to avoid changed tasks
2015-06-19 02:48:08 -07:00
Sebastian Gumprich
1005cc133a Add ignore-vars. Change nologin-shell dep. on OS 2015-06-18 18:14:08 +00:00
Sebastian Gumprich
f82e7684c6 Added option to disable system accounts 2015-06-18 18:14:08 +00:00
Sebastian Gumprich
6f910c28d8 Use changed_when to avoid changed tasks
When a shell or command task, that only fetches data, gets executed,
the task will be marked as changed, even though nothing changed.
This commit changes the behaviour of tasks that only fetch data.
For more info see here:
http://docs.ansible.com/playbooks_error_handling.html#overriding-the-changed-result
2015-06-18 13:42:29 +00:00
Sebastian Gumprich
531a051ef9 Skip sysctl-tasks in travis-environment 2015-06-17 12:11:59 +02:00
Sebastian Gumprich
e70974ba16 Add os_security_kernel_enable_module_loading 2015-06-08 17:25:50 +00:00
Sebastian Gumprich
81c171a55a Change sysctl-task. Fix #18 2015-06-06 18:35:09 +00:00
Christoph Hartmann
645240998d Merge pull request #16 from hardening-io/cnd_ip_fwd
Add conditions for various tasks. Fix #15
2015-06-03 12:35:43 -07:00
Sebastian Gumprich
7c121b7e2b Add missing condition 2015-06-01 21:46:05 +00:00
Sebastian Gumprich
255948feb3 Add conditions for various tasks. Fix #15 2015-06-01 20:33:35 +00:00
Sebastian Gumprich
fb59fab08f Remove duplicate whitelist-check 2015-06-01 19:36:37 +00:00
Sebastian Gumprich
544779e26a Add remove suid/sgid function 2015-06-01 14:50:22 +02:00
Sebastian Gumprich
e6f2253c49 replace sed with replace-module 2015-06-01 14:28:18 +02:00
Sebastian Gumprich
c9252b167f add gpgcheck rhnplugin.conf, consolidate task 2015-06-01 14:28:18 +02:00
Sebastian Gumprich
66e258da7e Add task to remove unused repos and pkgs 2015-06-01 14:28:17 +02:00
Sebastian Gumprich
95bb02edbe Make tasks clearer 2015-06-01 14:23:13 +02:00
Sebastian Gumprich
1782dbf3fa ignore RAs on Ipv6
See: https://github.com/hardening-io/puppet-os-hardening/blob/master/manifests/sysctl.pp#L66-L68
2015-06-01 10:59:37 +02:00
Sebastian Gumprich
3dce747cd6 Revert "ignore RAs on Ipv6"
This reverts commit a91cbe0192.
2015-05-28 18:47:18 +00:00
Sebastian Gumprich
a91cbe0192 ignore RAs on Ipv6
Taken from here:
https://github.com/hardening-io/puppet-os-hardening/blob/master/manifests/sysctl.pp#L66-L68
2015-05-28 18:43:52 +00:00
Sebastian Gumprich
a305b94230 Add separated files 2015-05-26 19:53:55 +00:00
Sebastian Gumprich
79ca60bfa1 Separate tasks into multiple smaller files 2015-05-26 19:53:16 +00:00
Sebastian Gumprich
557109e35a Separate the tasks into smaller files 2015-05-26 19:45:30 +00:00
Christoph Hartmann
01572d9041 Merge pull request #5 from hardening-io/yum
Enable gpg-check on all yum-repositories
2015-05-20 12:17:54 -07:00
Sebastian Gumprich
c2884687c8 Change tasks to use sed instead of lineinfile 2015-05-20 21:07:30 +00:00
Sebastian Gumprich
82fea53ba7 Enable gpg-check on all yum-repositories 2015-05-19 21:01:32 +00:00
Dominik Richter
226c2761f8 treat securetty config as an array 2015-05-11 23:06:34 +02:00
Sebastian Gumprich
e097f02065 Add profile.conf configuration 2015-05-11 23:00:08 +02:00
Sebastian Gumprich
ef2ce77f53 Add securetty-template 2015-05-10 21:44:17 +00:00
Sebastian Gumprich
b78345fe0c Add securetty-support 2015-05-10 21:43:26 +00:00
Sebastian Gumprich
b9cc7bf9d8 Further improvements, first push 2015-05-10 18:33:37 +00:00
Sebastian Gumprich
06d1464e95 Initial 2015-05-04 21:37:22 +00:00
Sebastian Gumprich
ef275a4e85 Add handler to restart ssh only if necessary. Fix #6 2015-04-28 16:47:12 +00:00
Sebastian Gumprich
45eb0e2f38 Oracle support
- Add check for Oracle operating systems

- Add minus sign to remove whitespace
2015-04-27 21:14:50 +00:00
Sebastian Gumprich
bb703c962a INITIAL 2015-04-23 18:30:41 +00:00