Mirrors/ansible-collection-hardening
2
0
Fork 0
mirror of https://github.com/dev-sec/ansible-collection-hardening synced 2024-11-10 09:14:18 +00:00
Code Issues Projects Releases Packages Wiki Activity
1873 commits 15 branches 57 tags 4.6 MiB
Commit graph

1873 commits

This branch
This branch
All branches
Author SHA1 Message Date
dev-sec CI
c0b9c87dc1 update changelog 2023-01-19 12:47:40 +00:00
Sebastian Gumprich
142782bad6 add diff to molecule 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2023-01-19 13:46:16 +01:00
rndmh3ro
b3fbfcedbe Prettified Code! 2023-01-19 12:45:51 +00:00
Paweł Krawczyk
88ef3cf3af
Parametrize more auditd.conf options (#535) 
* Parametrize more auditd.conf options

* Parametrize more auditd.conf options

* Add `os_auditd` options

* Add os_auditd_log_group

* Add os_auditd_log_group

Co-authored-by: Paweł Krawczyk <p@krvtz.net>
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
 2023-01-19 13:45:24 +01:00
dev-sec CI
ca25f50ba6 update changelog 2023-01-12 11:56:07 +00:00
richardlock
a82942a63a
Add support for /etc/auditd.conf num_logs to go with max_log_file_action. (#617) 
Signed-off-by: Richard Lock <r.j.lock@derby.ac.uk>

Signed-off-by: Richard Lock <r.j.lock@derby.ac.uk>
 2023-01-12 12:52:48 +01:00
dev-sec CI
fc060376ac update changelog 2022-12-24 09:43:18 +00:00
dependabot[bot]
16f78bc6be
Bump actions/setup-python from 1 to 4 (#611) 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 1 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v1...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-24 10:28:54 +01:00
dev-sec CI
764472ae33 update galaxy.yml with new version 2022-12-19 08:43:22 +00:00
dependabot[bot]
395091c41d
Bump creyD/prettier_action from 3.1 to 4.2 (#610) 
Bumps [creyD/prettier_action](https://github.com/creyD/prettier_action) from 3.1 to 4.2.
- [Release notes](https://github.com/creyD/prettier_action/releases)
- [Commits](https://github.com/creyD/prettier_action/compare/v3.1...v4.2)

---
updated-dependencies:
- dependency-name: creyD/prettier_action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-17 19:53:05 +01:00
dev-sec CI
0a589e5f51 update changelog 2022-12-17 18:49:42 +00:00
John Losito
9d0cc42039
Check for github action updates daily (#609) 
Signed-off-by: John Losito <lositojohnj@gmail.com>

Signed-off-by: John Losito <lositojohnj@gmail.com>
 2022-12-17 19:48:02 +01:00
dev-sec CI
5a7783defe update changelog 2022-12-07 07:55:29 +00:00
Sebastian Gumprich
be0642bcfb
add verify-task to check if mysql is running and enabled (#608) 
* add verify-task to check if mysql is running and enabled

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* Update molecule/mysql_hardening/verify_tasks/service.yml

Co-authored-by: schurzi <Martin.Schurz@t-systems.com>

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: schurzi <Martin.Schurz@t-systems.com>
 2022-12-07 08:49:07 +01:00
dev-sec CI
b0454fade2 update changelog 2022-11-30 15:15:52 +00:00
DonEstefan
bb3c63e321
fix IPv6 hardening (#607) 
Signed-off-by: DonEstefan <donestefan@users.noreply.github.com>

Signed-off-by: DonEstefan <donestefan@users.noreply.github.com>
Co-authored-by: donestefan <donestefan@users.noreply.github.com>
 2022-11-30 16:13:25 +01:00
dev-sec CI
d3e6df3dbf update changelog 2022-11-29 14:11:39 +00:00
Sebastian Gumprich
e66c2eb6bb
Add OpenSUSE support (#605) 
* Add variables for mariadb on opensuse

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* enable pipeline

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* add a note about the reuirement of the jmespath library.

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* Use python3 on opensuse

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* fix my yml.

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* use right ansible variable

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* Suse requires python-rpm

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* try zypper

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* python-xml

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* another try at fixing the install

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* fix my yml

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* another try

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* another try

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* another try now with rpm.

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* fix my yml...

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* typo

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* do the test for Suse on the shell and not in ansible

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* specify to use bash

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* specify to use bash

* try the removes keyword of builtin.shell

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* fix ansible syntax

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* fix zypper syntax

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* ensure pymysql is present

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>

* set ansible python interpreter in converge-step, too

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* move install task to prepare

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

Signed-off-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: Florian Goth <fgoth@physik.uni-wuerzburg.de>
 2022-11-29 15:09:27 +01:00
dev-sec CI
61e92aaaf6 update changelog 2022-11-24 07:41:20 +00:00
Jacob Sievert
ade6deeba2
Updates handlers for new ansible syntax and deprecated options for legacy commands (#602) 
* Update main.yml

fixes the handler file and set new syntax

Signed-off-by: Jacob Sievert <jacob.sievert@sievert-mail.de>

* changes command module from legacy to builtin.

Signed-off-by: Jacob Sievert <jacob.sievert@sievert-mail.de>

Signed-off-by: Jacob Sievert <jacob.sievert@sievert-mail.de>
 2022-11-24 08:39:05 +01:00
dev-sec CI
66f5c6b131 update changelog 2022-11-23 12:51:31 +00:00
Cristian Baldi
7d1da63c94
Allow ssh_allow_tcp_forwarding to be a boolean (#600) 
* Allow ssh_allow_tcp_forwarding to be a boolean

Signed-off-by: Cristian Baldi <cristian.baldi@scrive.com>

* Update documentation related to ssh_allow_tcp_forwarding

Signed-off-by: Cristian Baldi <cristian.baldi@scrive.com>

Signed-off-by: Cristian Baldi <cristian.baldi@scrive.com>
 2022-11-23 13:45:01 +01:00
dev-sec CI
03f3974f37 update changelog 2022-11-17 13:01:02 +00:00
schurzi
006e3bf75b
Merge pull request #601 from dev-sec/contribute_dco 
add notice to sign-off work to contributor guideline
 2022-11-17 13:58:08 +01:00
Martin Schurz
98c645db5f add notice to sign-off work to contributor guideline 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2022-11-17 13:47:11 +01:00
dev-sec CI
dd97a90b65 update changelog 2022-11-08 09:29:35 +00:00
schurzi
d982a89cc1
Merge pull request #598 from dennisse/master 
OpenBSD does not support GSSAPI Authentication
 2022-11-08 10:26:42 +01:00
Dennis Eriksen
681898bd96 OpenBSD does not support GSSAPIAuthentication 
... and freaks out when it is mentioned in the config files. So let's
just remove the GSSAPI-stuff.

Signed-off-by: Dennis Eriksen <d@ennis.no>
 2022-11-08 09:12:18 +01:00
dev-sec CI
e32d550e9b update changelog 2022-11-04 11:03:08 +00:00
Dennis Eriksen
4df95e3733
OpenBSD does not set distributiuon_major_version (#597) 
This role fails with `The task includes an option with an undefined variable` on OpenBSD because `distributiuon_major_version` is not set on OpenBSD.

We should either default to "" if the variable is not set, or remove `vars/OpenBSD.yml`. I would prefer the former :)

Signed-off-by: Dennis Eriksen <d@ennis.no>

Signed-off-by: Dennis Eriksen <d@ennis.no>
 2022-11-04 12:00:55 +01:00
dev-sec CI
05205eb413 update changelog 2022-11-01 17:13:21 +00:00
schurzi
d0407b17c4
Merge pull request #596 from dev-sec/templates 
add Ansible specific templates for issues
 2022-11-01 18:10:59 +01:00
Martin Schurz
1346e37e14 actually add templates ... 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2022-10-28 10:26:00 +02:00
dev-sec CI
c2ee3105c7 update changelog 2022-10-28 05:16:41 +00:00
schurzi
613fbd82da
use github templates for new issues (#595) 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2022-10-28 07:14:58 +02:00
dev-sec CI
9530615d5f update galaxy.yml with new version 2022-10-27 18:48:57 +00:00
dev-sec CI
24d0153815 update changelog 2022-10-27 18:46:03 +00:00
schurzi
99fe8b6969
Merge pull request #594 from dlouzan/fix/type-cast-variables 
fix(os_hardening): cast expected int types in pam tasks
 2022-10-27 20:43:17 +02:00
Martin Schurz
f496b385dd use github templates for new issues 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2022-10-27 20:41:06 +02:00
Diego Louzán
f8295d5248 fix(os_hardening): cast expected int types in pam tasks 
Signed-off-by: Diego Louzán <diego.louzan@gmail.com>
 2022-10-27 16:50:08 +02:00
dev-sec CI
a1f75f877b update changelog 2022-10-26 08:33:13 +00:00
schurzi
901923bac2
Merge pull request #588 from dev-sec/support_more_os 
Support more os
 2022-10-26 10:13:40 +02:00
Martin Schurz
c30ef42355 exclude el9 from vm tests 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2022-10-25 18:59:11 +02:00
Sebastian Gumprich
e2b963d711 change baselines back to master 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2022-10-25 18:59:11 +02:00
Sebastian Gumprich
414efd6125 use correct centos stream images, try to fix prepare step for debian tests 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2022-10-25 18:59:11 +02:00
Sebastian Gumprich
87a461fc57 use forked mysql-baseline 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2022-10-25 18:59:11 +02:00
Sebastian Gumprich
dac66f4a88 simplify OS-vars files 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2022-10-25 18:59:11 +02:00
Sebastian Gumprich
3b8b394f10 add ssh-vars for new OS 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2022-10-25 18:59:11 +02:00
Sebastian Gumprich
b27ffd08b0 add mysql-vars for new OS 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2022-10-25 18:58:53 +02:00
dev-sec CI
8ee946a537 update changelog 2022-10-24 08:04:42 +00:00