Commit graph

55 commits

Author SHA1 Message Date
Sebastian Gumprich
dd3959276b merge os-hardening role into collection 2020-11-07 22:09:28 +01:00
Sebastian Gumprich
7eb8b4f3d3 Change directory layout. fix #48
This change gets rid of the separate role dir
and puts everything into the root-directory, making
it possible to install the role via ansible galaxy.
2015-10-21 20:52:46 +02:00
fitz123
519160b8e7 remove duplicate "update pam" task 2015-10-13 15:37:45 +07:00
fitz123
78fb438a10 Fix stuck in case pam files were updated before by force update 2015-09-30 22:11:37 +07:00
fitz123
b013986f61 Fix passwdqc default options 2015-09-24 02:51:56 +07:00
fitz123
afa3be1e6a Fix nologin shell path for Oracle and RedHat 2015-09-24 02:16:51 +07:00
fitz123
c5307b36f0 Fix nologin shell path 2015-09-24 00:56:09 +07:00
Sebastian Gumprich
1ff939db76 Use correct variable and change travis-test 2015-08-14 17:44:12 +00:00
Sebastian Gumprich
a1a439d38e Add mode to su-binary task. Fix #38 2015-08-13 21:02:57 +00:00
Sebastian Gumprich
9befb22e13 Change oneliner if-statements to be more readable 2015-08-06 14:00:14 +00:00
Sebastian Gumprich
a1425befeb Separate system-vars from editable vars. Fix #34 2015-07-27 20:47:23 +00:00
Sebastian Gumprich
b3af021cd9 Create limits.d-directory if it does not exist.
See [here](https://github.com/hardening-io/chef-os-hardening/issues/84).
2015-07-13 18:18:13 +00:00
Christoph Hartmann
75dbf1cae6 Merge pull request #30 from hardening-io/CL_RM_TODO
Update readme, todo, changelog, vars
2015-06-24 06:40:28 -07:00
Sebastian Gumprich
348fb1cc53 Change var to true to remove pkgs by default 2015-06-24 10:21:13 +00:00
Sebastian Gumprich
5e1e2513c5 Update readme, todo, changelog, vars
* This commit updates the readme in several ways.
* It adds a todo-list and a changelog.
* It deletes unused variables
2015-06-23 23:58:40 +02:00
Sebastian Gumprich
c8d9ac84ef Add module configuration 2015-06-23 23:58:12 +02:00
Christoph Hartmann
ac4754ff16 Merge pull request #29 from hardening-io/suid_fix
List-cleanup and follow symlinks added
2015-06-23 14:57:25 -07:00
Sebastian Gumprich
f6cf4fcdf5 Fix another sysctl-setting due to new tests 2015-06-23 23:51:18 +02:00
Sebastian Gumprich
8ba37823f9 Fix two sysctl-settings 2015-06-23 23:51:18 +02:00
Sebastian Gumprich
88f4f17786 Added condition to suid/sgid-execution 2015-06-23 17:49:37 +00:00
Sebastian Gumprich
46b50769aa List-cleanup and follow symlinks added
- This change alters the black- and white-listed list for
suid/sgid-management to be a proper yaml-formatted list.

- Furthermore "follow symlinks" was added to the tasks
that remove suid/sgid because otherwise the suid/sgid
from the link-targets would not be removed.
2015-06-23 11:01:00 +00:00
Christoph Hartmann
10267eb509 Merge pull request #23 from hardening-io/remove_authconfig
Delete authconfig-task on rhel-systems
2015-06-20 02:01:39 -07:00
Sebastian Gumprich
a345da0023 Delete authconfig-task on rhel-systems
The authconfig-task overrides changes we later do on files, so this
task is not necessary and causes some tasks to always change files
2015-06-19 11:51:23 +02:00
Sebastian Gumprich
e4c6436163 Add missing rhosts-include task 2015-06-19 11:51:09 +02:00
Christoph Hartmann
71c7042163 Merge pull request #24 from hardening-io/result_override
Use changed_when to avoid changed tasks
2015-06-19 02:48:08 -07:00
Sebastian Gumprich
1005cc133a Add ignore-vars. Change nologin-shell dep. on OS 2015-06-18 18:14:08 +00:00
Sebastian Gumprich
f82e7684c6 Added option to disable system accounts 2015-06-18 18:14:08 +00:00
Sebastian Gumprich
6f910c28d8 Use changed_when to avoid changed tasks
When a shell or command task, that only fetches data, gets executed,
the task will be marked as changed, even though nothing changed.
This commit changes the behaviour of tasks that only fetch data.
For more info see here:
http://docs.ansible.com/playbooks_error_handling.html#overriding-the-changed-result
2015-06-18 13:42:29 +00:00
Sebastian Gumprich
531a051ef9 Skip sysctl-tasks in travis-environment 2015-06-17 12:11:59 +02:00
Sebastian Gumprich
e70974ba16 Add os_security_kernel_enable_module_loading 2015-06-08 17:25:50 +00:00
Sebastian Gumprich
81c171a55a Change sysctl-task. Fix #18 2015-06-06 18:35:09 +00:00
Christoph Hartmann
645240998d Merge pull request #16 from hardening-io/cnd_ip_fwd
Add conditions for various tasks. Fix #15
2015-06-03 12:35:43 -07:00
Sebastian Gumprich
7c121b7e2b Add missing condition 2015-06-01 21:46:05 +00:00
Sebastian Gumprich
255948feb3 Add conditions for various tasks. Fix #15 2015-06-01 20:33:35 +00:00
Sebastian Gumprich
fb59fab08f Remove duplicate whitelist-check 2015-06-01 19:36:37 +00:00
Sebastian Gumprich
544779e26a Add remove suid/sgid function 2015-06-01 14:50:22 +02:00
Sebastian Gumprich
e6f2253c49 replace sed with replace-module 2015-06-01 14:28:18 +02:00
Sebastian Gumprich
c9252b167f add gpgcheck rhnplugin.conf, consolidate task 2015-06-01 14:28:18 +02:00
Sebastian Gumprich
66e258da7e Add task to remove unused repos and pkgs 2015-06-01 14:28:17 +02:00
Sebastian Gumprich
95bb02edbe Make tasks clearer 2015-06-01 14:23:13 +02:00
Sebastian Gumprich
1782dbf3fa ignore RAs on Ipv6
See: https://github.com/hardening-io/puppet-os-hardening/blob/master/manifests/sysctl.pp#L66-L68
2015-06-01 10:59:37 +02:00
Sebastian Gumprich
3dce747cd6 Revert "ignore RAs on Ipv6"
This reverts commit a91cbe0192.
2015-05-28 18:47:18 +00:00
Sebastian Gumprich
a91cbe0192 ignore RAs on Ipv6
Taken from here:
https://github.com/hardening-io/puppet-os-hardening/blob/master/manifests/sysctl.pp#L66-L68
2015-05-28 18:43:52 +00:00
Sebastian Gumprich
a305b94230 Add separated files 2015-05-26 19:53:55 +00:00
Sebastian Gumprich
79ca60bfa1 Separate tasks into multiple smaller files 2015-05-26 19:53:16 +00:00
Sebastian Gumprich
557109e35a Separate the tasks into smaller files 2015-05-26 19:45:30 +00:00
Christoph Hartmann
01572d9041 Merge pull request #5 from hardening-io/yum
Enable gpg-check on all yum-repositories
2015-05-20 12:17:54 -07:00
Sebastian Gumprich
c2884687c8 Change tasks to use sed instead of lineinfile 2015-05-20 21:07:30 +00:00
Sebastian Gumprich
82fea53ba7 Enable gpg-check on all yum-repositories 2015-05-19 21:01:32 +00:00
Dominik Richter
226c2761f8 treat securetty config as an array 2015-05-11 23:06:34 +02:00