Commit graph

510 commits

Author SHA1 Message Date
Sebastian Gumprich
dd3959276b merge os-hardening role into collection 2020-11-07 22:09:28 +01:00
Sebastian Gumprich
6fc1320298 update for collection
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
2020-11-07 22:08:23 +01:00
dev-sec CI
87e82cbc60 update changelog 2020-10-05 08:52:55 +00:00
Sebastian Gumprich
be67e73a7e
this brings the task in line with the baseline (#311)
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
2020-10-05 10:50:07 +02:00
schurzi
c954b8af8f
Improve Documentation (#315)
* improve formatting

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* add limitation for vm.mmap_rnd_bits to documentation

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* Apply suggestions from code review

Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2020-10-02 20:48:18 +02:00
dev-sec CI
ac097014df update changelog 2020-10-02 18:46:29 +00:00
schurzi
9394688158
use touch for 10.hardcore.conf to avoid problems with dry-run (#314)
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2020-10-02 20:43:35 +02:00
dev-sec CI
05d9551dfa update changelog 2020-09-20 12:30:06 +00:00
Sebastian Gumprich
ab0e5783b9
use touch with no date changes (#310)
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
2020-09-20 14:27:09 +02:00
dev-sec CI
30c282ef5d update changelog 2020-09-19 12:39:44 +00:00
Sebastian Gumprich
5c91da696a
do not touch sysctl file to avoid idempotency problems (#309) 2020-09-19 14:36:57 +02:00
dev-sec CI
6b465f9cbb update changelog 2020-08-22 13:23:59 +00:00
schurzi
b37c2ddb69
Merge pull request #303 from dev-sec/arch_support
Arch support
2020-08-22 15:21:18 +02:00
Sebastian Gumprich
de5a7ce506 add archlinux support
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
2020-08-22 14:08:08 +02:00
Andre Lehmann
77434b8a37 Make compatible with ArchLinux
Signed-off-by: Andre Lehmann <aisberg@posteo.de>
2020-08-22 13:39:44 +02:00
dev-sec CI
a806a25af5 update changelog 2020-08-22 06:56:30 +00:00
schurzi
4ddbbb2a61
fix linting for molecule (#301)
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2020-08-22 08:53:44 +02:00
dev-sec CI
17570fda66 update changelog 2020-08-18 22:08:28 +00:00
schurzi
989f7b0e1e
Merge pull request #300 from danielkubat/master
define file permissions explicitly
2020-08-19 00:05:51 +02:00
danielkubat
fd10d8e8d2 single quotes added to follow role formatting
Signed-off-by: danielkubat <dan.kubat@gmail.com>
2020-08-18 23:50:46 +02:00
danielkubat
34abe1ab03 mode defined in octal form
Signed-off-by: danielkubat <dan.kubat@gmail.com>
2020-08-18 22:50:10 +02:00
danielkubat
2a75fc11d3 permissions explicitly defined
Signed-off-by: danielkubat <dan.kubat@gmail.com>
2020-08-18 22:38:08 +02:00
dev-sec CI
6f0181b2fc update changelog 2020-08-17 10:17:48 +00:00
Daniel Kubat
7077187a67
replace module parameter fixed (#297)
Signed-off-by: danielkubat <dan.kubat@gmail.com>
2020-08-17 12:15:04 +02:00
dev-sec CI
37ab009093 update changelog 2020-08-16 18:19:43 +00:00
schurzi
56f6cd0337
Merge pull request #296 from dev-sec/fedora
fix fedora build
2020-08-16 20:17:15 +02:00
dev-sec CI
337c7dbbed update changelog 2020-08-16 08:06:54 +00:00
Daniel Kubat
2c4505addd
use find module instead of shell (#294)
* use find module to find yum repos, regexp fixes

Signed-off-by: danielkubat <dan.kubat@gmail.com>

* use loop instead of with_*

Signed-off-by: danielkubat <dan.kubat@gmail.com>

* Update tasks/yum.yml

Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2020-08-16 10:04:26 +02:00
Sebastian Gumprich
88fecc4f2e try to fix fedora build
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
2020-08-16 09:53:11 +02:00
dev-sec CI
c777133050 update changelog 2020-08-13 09:48:20 +00:00
Alex Domoradov
29158e4285
Optimize and unify when clause (#295)
Signed-off-by: Alex Domoradov <alex.hha@gmail.com>
2020-08-13 11:45:44 +02:00
dev-sec CI
eb777fbe2f update changelog 2020-08-07 07:02:27 +00:00
schurzi
eaeca04d96
do not blacklist used filesystems (#289)
* add additional check for efi

some systems seem to require vfat because of efi, despite not exposing a
/sys/firmware/efi directory.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* make linter happy

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* rework check to check for all used filesystems

so we don't break existing mounts with our configuration

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* do not check this on el6

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* add comment to clarify

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2020-08-07 08:59:46 +02:00
dev-sec CI
fe7e37e6e9 update changelog 2020-08-03 13:58:20 +00:00
schurzi
387fc472bd
improve testing (#287)
* fix problem with package_facts on SuSE

SuSE Linux does not work with ansible module packet_facts, so we need to
exclude this task there.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* fix local docker tests for all distributions

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* fix local vagrant tests for all distributions

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* simplify travis tests

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* fix opensuse in travis

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* add fixes for suse

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* add special case for suse docker

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2020-08-03 15:55:27 +02:00
dev-sec CI
740feae180 update changelog 2020-07-22 19:29:59 +00:00
Sebastian Gumprich
65a8fa0c6c
move hidepid vars into defaults so they're overwritable (#285)
fixes #284

Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
2020-07-22 21:27:25 +02:00
dev-sec CI
994ea81e64 update changelog 2020-07-21 20:38:28 +00:00
alegrey91
a8e349913d
Mount proc filesystem using hidepid option (#283)
* Added task to mount proc fs using hidepid option

Signed-off-by: alessio <ale_grey_91@hotmail.it>
Signed-off-by: alegrey91 <ale_grey_91@hotmail.it>
Signed-off-by: alessio <ale_grey_91@hotmail.it>

* Removed mount shell command due to ci problem

Signed-off-by: alegrey91 <ale_grey_91@hotmail.it>
Signed-off-by: alessio <ale_grey_91@hotmail.it>

* Added task to create mount point before adding fstab entry

Signed-off-by: alegrey91 <ale_grey_91@hotmail.it>
Signed-off-by: alessio <ale_grey_91@hotmail.it>

* Added check to ensure fstab exists

Signed-off-by: alegrey91 <ale_grey_91@hotmail.it>
Signed-off-by: alessio <ale_grey_91@hotmail.it>

* Modified task title

Signed-off-by: alegrey91 <ale_grey_91@hotmail.it>
Signed-off-by: alessio <ale_grey_91@hotmail.it>

* Fixed typo

Signed-off-by: alegrey91 <ale_grey_91@hotmail.it>
Signed-off-by: alessio <ale_grey_91@hotmail.it>

* Fixed typo

Signed-off-by: alegrey91 <ale_grey_91@hotmail.it>
Signed-off-by: alessio <ale_grey_91@hotmail.it>

* Fixed wrong indented lines

Signed-off-by: alegrey91 <ale_grey_91@hotmail.it>
Signed-off-by: alessio <ale_grey_91@hotmail.it>

* Removed useless tasks and improved variables use

Signed-off-by: alessio <ale_grey_91@hotmail.it>

* removed ansible test tag

Signed-off-by: alessio <ale_grey_91@hotmail.it>

* removed trailing whitespace

Signed-off-by: alessio <ale_grey_91@hotmail.it>

* updated documentation

Signed-off-by: alessio <ale_grey_91@hotmail.it>

* fixed typo

Signed-off-by: alessio <ale_grey_91@hotmail.it>

* Update README.md

* Update vars/main.yml

Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2020-07-21 22:35:50 +02:00
dev-sec CI
476f2ec8e2 update changelog 2020-07-12 07:18:50 +00:00
Sebastian Gumprich
990f95807f
remove mention of gitter 2020-07-12 09:16:22 +02:00
dev-sec CI
8d8277b3bd update changelog 2020-07-05 17:03:53 +00:00
Sebastian Gumprich
4d34d24c32
install procps in debian so sysctl.conf exists (#282)
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2020-07-05 19:01:21 +02:00
dev-sec CI
fe9fad8845 update changelog 2020-06-06 08:20:52 +00:00
Sebastian Gumprich
c31ad460ff
unify changelog and release actions (#279)
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
2020-06-06 10:18:18 +02:00
dev-sec CI
86cd494998 update changelog 2020-06-02 07:02:21 +00:00
dev-sec CI
9f566ae60d update changelog 2020-06-02 06:40:03 +00:00
Christoph Hartmann
0aba114a72
purge insecure packages (#275)
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2020-06-02 08:38:52 +02:00
dev-sec CI
4e923c9756 update changelog 2020-05-21 00:43:54 +00:00
dev-sec CI
a0a247887c update changelog 2020-05-14 23:06:15 +00:00