mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-11-10 01:04:13 +00:00
29f8a2fb78
* add testing for OpenBSD and FreeBSD Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * make python work Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * remove jinja template ... Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * make verify work Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * correct verify Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * correct verify Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * correct verify Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * correct verify Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use right vm name for connect Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * add a bit of documentation Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * remove sudo Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * add weird OpenSBD workaround Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * make verify playbook more consistent Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * rename nonlinux to BSD Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use openbsd7 for testing Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * correct use openbsd7 everywhere Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * add waivers Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * update waiver descriptions Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use docker for inspec Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * keep looking right ;) Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * correct path to waivers Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use ephemeral directory in docker Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use bsd inspec profile Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * remove openbsd workaround Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * re-add openbsd workaround Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * commit suggestions Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * add supportet OS to metadata Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> * use current python Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com> --------- Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
21 lines
1,005 B
YAML
21 lines
1,005 B
YAML
ssh-17:
|
|
run: false
|
|
justification: "GSSAPIAuthentication is disabled. see: https://github.com/dev-sec/ansible-collection-hardening/pull/598"
|
|
ssh-18:
|
|
run: false
|
|
justification: "GSSAPIDelegateCredentials is disabled. see: https://github.com/dev-sec/ansible-collection-hardening/pull/598"
|
|
sshd-30:
|
|
run: false
|
|
justification: "KerberosAuthentication is disabled. see: https://github.com/dev-sec/ansible-ssh-hardening/pull/171"
|
|
sshd-31:
|
|
run: false
|
|
justification: "KerberosOrLocalPasswd is disabled. see: https://github.com/dev-sec/ansible-ssh-hardening/pull/171"
|
|
sshd-32:
|
|
run: false
|
|
justification: "KerberosTicketCleanup is disabled. see: https://github.com/dev-sec/ansible-ssh-hardening/pull/171"
|
|
sshd-33:
|
|
run: false
|
|
justification: "GSSAPIAuthentication is disabled. see: https://github.com/dev-sec/ansible-collection-hardening/pull/598"
|
|
sshd-34:
|
|
run: false
|
|
justification: "GSSAPICleanupCredentials is disabled. see: https://github.com/dev-sec/ansible-collection-hardening/pull/598"
|