Commit graph

1685 commits

Author SHA1 Message Date
Martin Schurz
26d84b5f84 use custom /tmp dir
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 16:46:41 +01:00
Martin Schurz
9b6f313065 move pam tests up
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 15:54:03 +01:00
Martin Schurz
23071a183c add testcases for PAM
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-22 15:42:13 +01:00
dev-sec CI
66009496e2 update changelog 2021-02-22 09:24:50 +00:00
Sebastian Gumprich
bbf992d9fc
Create dependabot.yml 2021-02-22 10:22:38 +01:00
Farid Joubbi
91a0d62305 Ensure permissions on /etc/crontab are configured. #375
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-02-19 23:19:00 +01:00
Farid Joubbi
60d24db460 Ensure permissions on /etc/crontab are configured. #375
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-02-19 22:40:16 +01:00
dev-sec CI
90e0ce7c6b update changelog 2021-02-17 10:37:06 +00:00
schurzi
8e4c22d8d9
remove FQCN from roles in examples (#404)
Ansible does not work with FQCN and collections specified for including
roles. It is currently expecting to only get the role name in this
context.

Verified with Ansible 2.10.5

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-17 11:34:37 +01:00
Martin Schurz
dba53718cf sssd is disabled on Amazonlinux
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-16 20:44:28 +01:00
Martin Schurz
4a5fa70507 default faillock to yes
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-16 19:31:51 +01:00
Martin Schurz
75683161a5 remove FQCN from roles in examples
Ansible does not work with FQCN and collections specified for including
roles. It is currently expecting to only get the role name in this
context.

Verified with Ansible 2.10.5

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-15 11:26:59 +01:00
dev-sec CI
2a4b98ab4a update changelog 2021-02-15 10:26:19 +00:00
schurzi
5d55d29fe2
Merge pull request #403 from wzzrd/gssapi_client_support
Extend GSSAPI configuration support to ssh_config
2021-02-15 11:23:57 +01:00
Martin Schurz
64713ce75d add default for new variable
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-15 11:17:01 +01:00
Martin Schurz
ec36bf5b9c document parameter
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-15 00:22:03 +01:00
Martin Schurz
08aad6e80f add documentation
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-15 00:13:14 +01:00
Martin Schurz
28c6bf5c66 put force on the right task
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 23:31:24 +01:00
Martin Schurz
26c73ed1c9 fix debian faillock config
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 23:13:14 +01:00
Maxim Burgerhout
54c8e6aedb Split off ssh_gssapi_delegation into own variable
Signed-off-by: Maxim Burgerhout <maxim@wzzrd.com>
2021-02-14 22:07:33 +01:00
Martin Schurz
b9e33091e2 fix problems with auth
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 21:30:35 +01:00
Martin Schurz
7f1765c608 consolidate auth for rhel
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 17:30:02 +01:00
Martin Schurz
30f0839513 add support for rhel8 and sssd
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 12:44:20 +01:00
Martin Schurz
532917d956 remove rhel6 support from pam
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 12:14:54 +01:00
Martin Schurz
04654d0490 correct typo
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 11:19:12 +01:00
Martin Schurz
aa166f43fc split debian and rhel pam config
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-14 02:07:25 +01:00
Martin Schurz
19482c319c force create symlink
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-13 19:38:57 +01:00
Martin Schurz
fc7fb4fc8a make compatible to authconfig
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-13 18:09:48 +01:00
Maxim Burgerhout
8baab7516e Extend GSSAPI configuration support to ssh_config
Previously, the ssh_gssapi_support variable only toggled the GSSAPI
settings in sshd_config.

Through this change, setting ssh_gssapi_support to true also enables
support in ssh_config.

It enables both authentication and credential delegation.

Signed-off-by: Maxim Burgerhout <maxim@wzzrd.com>
2021-02-12 13:10:35 +01:00
Martin Schurz
7282187a90 Merge branch 'master' into tally
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 21:44:55 +01:00
Martin Schurz
157f4fca70 add tasks for faillock on debian
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 21:43:30 +01:00
dev-sec CI
70cd7bbf1e update changelog 2021-02-10 15:07:15 +00:00
Sebastian Gumprich
6be31fbc3b
do not install mysql python package on target host (#401)
this package has to be installed on the host that executes the task

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-02-10 15:57:51 +01:00
Sebastian Gumprich
756839f8f0
make wrong password fail task (#400)
* make wrong password fail task

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* add name to fail task

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-02-10 15:55:08 +01:00
Sebastian Gumprich
c55c1f21ed
add restart handler variable for mysql role (#399)
* add restart handler variable for mysql role

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* add prettierignore file to ignore CHANGELOG

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-02-10 15:54:57 +01:00
dev-sec CI
8d3e452ce3 update galaxy.yml with new version 2021-02-10 13:02:01 +00:00
dev-sec CI
d8ea484f92 update changelog 2021-02-10 12:51:07 +00:00
schurzi
a98876b350
update ansible-lint to version 5 (#397)
* add ansible to requirements

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* trigger run

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* update noqa for ansible-lint 5

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 13:47:01 +01:00
dev-sec CI
6d369739e4 update changelog 2021-02-10 11:59:07 +00:00
schurzi
2b39258d47
Merge pull request #395 from Normo/update-galaxy-version
fix galaxy action to update local galaxy.yml
2021-02-10 12:56:53 +01:00
Martin Schurz
75a8aca905 fix galaxy action to update local galaxy.yml
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 12:53:02 +01:00
Martin Schurz
94b9bfc3cd add files for faillock
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-10 12:49:12 +01:00
Norman Ziegner
b26b4e090c
Bump collection version from 7.0.0 to 7.1.1
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
2021-02-10 10:11:15 +01:00
Norman Ziegner
f035053381
Only set default for ssh host key files when hardening the server (#393)
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
2021-02-09 10:01:41 +01:00
rndmh3ro
0cfdb1954e Prettified Code! 2021-02-09 08:45:31 +00:00
Norman Ziegner
614662b99d
Add variable to specify host rsa key size (#394)
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
2021-02-09 09:44:55 +01:00
Martin Schurz
3ad4fbab0e add guard for tally debian unstable
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-08 11:18:50 +01:00
Martin Schurz
ebbf6855e8 add rhel faillock config
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-08 10:51:16 +01:00
Martin Schurz
b210df1233 re-add debian tally config
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-08 10:51:03 +01:00
Martin Schurz
a55a4d2024 remove pam_tally2
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-08 08:09:43 +01:00