ansible-collection-hardening/CHANGELOG.md

Changelog

7.7.0 (2021-05-05)

Full Changelog

Implemented enhancements:

• Add tasks for new controls #123 [enhancement] [hacktoberfest] [help wanted]
• ssh_allow_tcp_forwarding remote option added #447 [enhancement] [minor] [ssh_hardening] (alimli)

Fixed bugs:

• Check for MariaDB Version when selecting users without passwords #444 [bug] [mysql_hardening] [patch] (neubi4)
• Adds dependency on ansible.posix and community.general #415 [bug] [patch] (irl)

Closed issues:

• No dependency on ansible.posix collection #414
• No dependency on community.general #413
• in lxc/docker/openvz IPv6 is always disabled by ufw-configuration #402
• Allow login_unix_socket to be specified #327

Merged pull requests:

• add back labels to changelog #446 (rndmh3ro)

7.6.0 (2021-04-27)

Full Changelog

Implemented enhancements:

• ssh: Client HostKeyAlgorithms configuration variable #442 [enhancement] [minor] [ssh_hardening] (sepek)

Fixed bugs:

• mysql USER and HOST should be quoted for drop query #443 [bug] [mysql_hardening] [patch] (neubi4)

Closed issues:

• Support HostKeyAlgorithms configuration for ssh_client file #441

Merged pull requests:

• fixed a typo in comments #439 [documentation] [ssh_hardening] (ssttehrani)

7.5.0 (2021-04-01)

Full Changelog

Implemented enhancements:

• Not accepting source routing for IPv6. This was already done for IPv4. #424 [enhancement] [minor] [os_hardening] (joubbi)

Fixed bugs:

• SSH kex sntrup4591761x25519-sha512@tinyssh.org replaced #433 [bug]
• Fix ssh kex sntrup761x25519-sha512@openssh.com for openssh >= 8.5 #437 [bug] [patch] [ssh_hardening] (BenjaminBoehm)

Closed issues:

• Harden user home directories #276

Merged pull requests:

• remove secure-auth param if mysql >= 8.0.3 #438 [mysql_hardening] [nginx_hardening] [os_hardening] [patch] [ssh_hardening] (rndmh3ro)
• Improved comments. #436 [os_hardening] (joubbi)
• os_auth_pam_pwquality_options: Changed type to authtok_type #432 [os_hardening] [patch] (joubbi)
• add restart-auditd handler after configuration change #427 [mysql_hardening] [nginx_hardening] [os_hardening] [patch] [ssh_hardening] (rndmh3ro)
• add new tasks to delete mysql users without passwords #423 [mysql_hardening] [nginx_hardening] [os_hardening] [ssh_hardening] (rndmh3ro)
• Uppercased first letter of task names. #422 [mysql_hardening] [nginx_hardening] [os_hardening] [ssh_hardening] (joubbi)

7.4.0 (2021-03-23)

Full Changelog

Implemented enhancements:

• Harden user home dirs #428 [enhancement] [minor] [os_hardening] (rndmh3ro)

Closed issues:

• Errors in packer build for vagrant builder #244

Merged pull requests:

• Use pam_pwhistory.so instead of pam_unix.so for remembering old passwords #431 [minor] [os_hardening] (joubbi)
• Remove comments from PAM config file, but keep it in the template #430 [os_hardening] [patch] (joubbi)
• add support for using a proxy to test with molecule #429 [mysql_hardening] [nginx_hardening] [os_hardening] [patch] [ssh_hardening] (rndmh3ro)
• Improve Documentation for sysctl defaults #418 [documentation] [os_hardening] [patch] (joubbi)

7.3.0 (2021-03-16)

Full Changelog

Implemented enhancements:

• pam_tally2 is deprecated in RHEL8 and pam_faillock should be used in EL7 and EL8 instead. #377 [enhancement] [os_hardening]
• Replace pam_tally2 with pam_faillock in Redhat #273 [enhancement] [os_hardening]
• Extend GSSAPI configuration support to ssh_config #403 [enhancement] [minor] [ssh_hardening] (wzzrd)
• add restart handler variable for mysql role #399 [enhancement] [mysql_hardening] (rndmh3ro)
• restructure PAM handling and update for currently supported Linux distributions #392 [enhancement] [minor] [os_hardening] (schurzi)

Fixed bugs:

• Not able to use sudo command for user authenticated via ActiveDirectory #278 [bug] [os_hardening]
• You shouldn't touch /etc/pam.d/system-auth-ac in RedHat/CentOS #252 [bug] [os_hardening]

Closed issues:

• Netdata monitoring of docker in docker no longer possible #412
• Unable to connect with SSH (Permission denied (publickey)) #411
• TASK [os_hardening : configure auditd | package-08] #410
• Collection throws undefined ansible_role_name error in auditd task #409
• Ensure permissions on /etc/crontab are configured #375 [minor] [os_hardening]
• Documentation should be updated #361

Merged pull requests:

• Improve Release Action #421 [patch] (schurzi)
• remove FQCN from roles in examples #420 [mysql_hardening] [nginx_hardening] [os_hardening] [ssh_hardening] (schurzi)
• Ensure permissions on /etc/crontab are configured #405 [minor] [os_hardening] (joubbi)
• remove FQCN from roles in examples #404 [documentation] [mysql_hardening] [nginx_hardening] [os_hardening] [ssh_hardening] (schurzi)
• do not install mysql python package on target host #401 [mysql_hardening] (rndmh3ro)
• make wrong password fail task #400 [mysql_hardening] (rndmh3ro)

7.2.0 (2021-02-10)

Full Changelog

Implemented enhancements:

• Add variable to specify SSH host RSA key size #394 [enhancement] [minor] [ssh_hardening] (Normo)
• Set default for ssh host key files only when hardening the server #393 [enhancement] [minor] [ssh_hardening] (Normo)

Fixed bugs:

• A reason why instance would go in rescue mode ? #267 [bug]
• fix galaxy action to update local galaxy.yml #395 [bug] [patch] (Normo)

Closed issues:

• Updating version in galaxy.yml should be part of the release process #396
• ssh_hardening fail on keypair generation #388
• The system must display the date and time of the last successful account logon upon an SSH logon. #362
• Error in "root password is present" step #326

Merged pull requests:

• update ansible-lint to version 5 #397 [mysql_hardening] [nginx_hardening] [os_hardening] [patch] [ssh_hardening] (schurzi)
• fix minimum required ansible version in docs #390 (schurzi)

7.1.1 (2021-02-05)

Full Changelog

Fixed bugs:

• use fqcn for community.crypto.openssh_keypair module #389 [bug] [ssh_hardening] (schurzi)

Closed issues:

• AnsibleUndefinedVariable: 'ansible_role_name' is undefined with 7.1.0 #387

7.1.0 (2021-02-02)

Full Changelog

Implemented enhancements:

• Default value for ssh_max_startups should be changed #366 [enhancement] [minor] [ssh_hardening]
• Comment in configuration files should state which collection was there #345 [enhancement]
• Error on applying the sysctl vars on Debian Jessy #230 [enhancement] [hacktoberfest] [help wanted]
• add Support for OpenSSH HostCertificate config option #380 [enhancement] [minor] [ssh_hardening] (mpraeger)
• Syncookie #372 [enhancement] [minor] [os_hardening] (joubbi)
• Sorted sysctl values and lists in READMEs alphabetically No functional changes. #371 [enhancement] [os_hardening] (joubbi)
• make auditd 'max_log_file' configurable #370 [enhancement] [minor] [os_hardening] (tgueldner-mms)
• reduce maximum unauthenticated ssh sessions #368 [enhancement] [minor] [ssh_hardening] (schurzi)
• add a runtime.yml to declare minimum ansible version #363 [enhancement] (rndmh3ro)
• change inclusion of os specific defaults #353 [enhancement] [mysql_hardening] [os_hardening] [ssh_hardening] (schurzi)
• make the os_env_umask variable usable #351 [enhancement] [os_hardening] (sprat)
• Fix #348: make ssh configuration files paths configurable #350 [enhancement] [minor] [ssh_hardening] (sprat)
• Removed Protocol statement in later versions of sshd, since the code … #342 [enhancement] [minor] [ssh_hardening] (joubbi)
• Improvements of comments in opensshd.conf.j2 #338 #339 [enhancement] [patch] [ssh_hardening] (joubbi)

Fixed bugs:

• Comments in opensshd.conf.j2 should be improved #338 [bug]
• check for correct cpu vendor in initramfs-tools #374 [bug] [os_hardening] [patch] (schurzi)
• set hidepid=0 on RHEL/CentOS 7 #369 [bug] [os_hardening] [patch] (schurzi)

Closed issues:

• initramfs-tools modules.j2 does not seem to be able to detect AMD CPUs #373
• How do i install this on Centos 8? #367
• hidepid=2 gives error when running systemctl on EL7 #364 [os_hardening] [patch]
• Allow putting the ssh/sshd config in alternative files #348
• os_env_umask has no effect #344
• Don't modify /etc/sysctl.conf #343 [os_hardening]

Merged pull requests:

• use version tag for changelog action #386 (schurzi)
• make release workflow manually runnable #384 (schurzi)
• run labeler workflow with higher privileges #383 (schurzi)
• remove issue labels from changelog #382 (schurzi)
• Added comment on top of templates about which role manages the file #378 [mysql_hardening] [nginx_hardening] [os_hardening] [patch] [ssh_hardening] (joubbi)
• Regenerate RSA key with size 4096 bits #376 [minor] [ready to review] (ssttehrani)
• fix second changelog generation task, too #349 (rndmh3ro)
• fix changelog generation #341 (rndmh3ro)
• Improve README for ssh_hardening #335 [patch] [ssh_hardening] (szEvEz)

7.0.0 (2020-11-11)

Full Changelog

Breaking changes:

• Move all roles to one single collection #332 [breaking] (rndmh3ro)

Implemented enhancements:

• Breaking change in ansible-lint - set file permissions explicitly #299 [enhancement] [minor] [os_hardening]
• Configure audit=1 for more accurate auid auditing #253 [enhancement]
• Add Debian Buster support for ansible-os-hardening #233 [enhancement] [hacktoberfest]
• Add CentOS 8 support for ansible-os-hardening #232 [enhancement] [hacktoberfest]
• Speed up "minimize access on found files" task #208 [enhancement]
• Fedora support? #163 [enhancement] [help wanted]
• Update some RH settings in this role #155 [enhancement]
• Add selinux configuration #154 [enhancement] [hacktoberfest] [help wanted]
• Warning about "include" for tasks for ansible-playbook 2.4.0 devel f0a5854e39 #131 [enhancement]
• Removal of core dump hardening configuration if core dumps are allowed #129 [enhancement] [help wanted]
• Description of the Ansible roles of dev-sec says "This Ansible playbook" #97 [enhancement]
• Improve Documentation #315 [enhancement] [os_hardening] (schurzi)
• Arch support #303 [enhancement] [minor] [os_hardening] (rndmh3ro)
• fix linting for molecule #301 [enhancement] [os_hardening] [patch] (schurzi)
• file permissions explicitly defined #300 [enhancement] [minor] [os_hardening] (danielkubat)
• Optimize and unify when clause #295 [enhancement] [patch] (Alexhha)
• use find module instead of shell #294 [enhancement] [patch] (danielkubat)
• improve testing #287 [enhancement] [minor] (schurzi)
• Mount proc filesystem using hidepid option #283 [enhancement] [minor] (alegrey91)
• unify changelog and release actions #279 [enhancement] [patch] (rndmh3ro)
• purge insecure packages #275 [enhancement] [minor] (chris-rock)
• add changelog and release workflow #271 [enhancement] [patch] (rndmh3ro)
• github action for changelog generation #270 [enhancement] [patch] (rndmh3ro)
• Make useradd defaults in login.defs dependent on OS #266 [enhancement] (aisbergg)
• Add kernel hardening parameters from Tails and CIS Benchmark #263 [enhancement] (kravietz)
• add ansible-lint #262 [enhancement] (rndmh3ro)
• Remove trailing space #261 [enhancement] (kravietz)
• Add kernel parameter information to README #259 [enhancement] (jaredledvina)
• Remove trailing whitespaces ansible-lint 201 #254 [enhancement] (kravietz)
• Standardize the var ordering #251 [enhancement] (dustinmiller)
• Add intial support for OpenSUSE #250 [enhancement] (dustinmiller)
• Make max_log_file_action for auditd configurable #246 [enhancement] (jandd)
• Add exception in sysctl task #240 [enhancement] (ghost)
• Fedora - Use new auto ansible_python_interpreter for dnf #239 [enhancement] (jaredledvina)
• add test support for CentOS8 #237 [enhancement] (yeoldegrove)
• Support configuring SELinux and default to enforcing #236 [enhancement] (jaredledvina)
• Add test support for debian buster #234 [enhancement] (123Haynes)
• Changed local var name to a less common one #231 [enhancement] (rgarrigue)
• Use ansible facts for vars #226 [enhancement] (joshuatalb)
• Fix deprecation warnings in Ansible 2.8 #224 [enhancement] (Normo)
• add docs to find-task in minimize access. fix #219 #220 [enhancement] (rndmh3ro)
• remove eol'd OS and add new #217 [enhancement] (rndmh3ro)
• Add note about docker under warning #214 [enhancement] (ChrisMcKee)
• change minimize access tasks to speed them up #209 [enhancement] (rndmh3ro)
• Added fedora support #206 [enhancement] (jonaswre)
• Pass package list directly to apt and yum modules without using with_items loop #200 [enhancement] (Normo)
• add ubuntu 1804 support #196 [enhancement] (rndmh3ro)
• add option to disable auditd #192 [enhancement] (rndmh3ro)
• fix problems with efi and vfat #190 [enhancement] (rndmh3ro)
• added os_hardening_enabled flag #186 [enhancement] (jcheroske)
• add amazon run opts to travis #183 [enhancement] (rndmh3ro)
• use package instead of yum and apt #180 [enhancement] (rndmh3ro)
• add oracle7 to travis #178 [enhancement] (rndmh3ro)
• fix wrong permissions passwdqc #170 #176 [enhancement] (rndmh3ro)
• ipv4 forwarding comment is inconsistent with example #174 [enhancement] (carchrae)
• Rename pam_passwdqd.j2 to pam_passwdqc.j2 #172 [enhancement] (martinbydefault)
• Use package state 'present' since 'installed' is deprecated #168 [enhancement] (Normo)
• Update syntax to Ansible 2.4 #161 [enhancement] (thomasjpfan)
• add amazon linux testing #160 [enhancement] (rndmh3ro)
• Add support for Amazon Linux #158 [enhancement] (woneill)
• Don't create home for system accounts #156 [enhancement] (oakey-b1)
• Prevent disabling of filesystems via whitelist #153 [enhancement] (manuelprinz)
• Add kernel hardening settings from Ubuntu /etc/sysctl.d #150 [enhancement] (kravietz)
• Removal of core dump hardening configuration if core dumps are allowed #146 [enhancement] (martinbydefault)
• install and configure auditd - fix inspec package-08 #144 [enhancement] (rndmh3ro)
• add missing sysctl parameter #143 [enhancement] [in progress] (rndmh3ro)
• update readme #139 [enhancement] (rndmh3ro)
• add modprobe template, control os-10 #138 [enhancement] (rndmh3ro)
• new task for delete netrc files, control os-09 #137 [enhancement] (rndmh3ro)
• add passwd task, control os-03 #136 [enhancement] (rndmh3ro)
• remove prelink package, control package-09 #135 [enhancement] (rndmh3ro)
• style update #134 [enhancement] (rndmh3ro)
• Remove deprecated include for static tasks and use instead import_tasks fix #131 #132 [enhancement] (HelioCampos)
• Fix ansible.cfg and use comment filter #130 [enhancement] (fazlearefin)
• install initramfs-tools #114 [enhancement] (rndmh3ro)
• omit empty variables #106 [bug] [enhancement] (rndmh3ro)
• Supports --check mode #93 [enhancement] (conorsch)
• Adds support for CentOS 7 #91 [enhancement] (conorsch)
• Docker #90 [enhancement] (rndmh3ro)
• debian 8 support #88 [enhancement] (rndmh3ro)
• Ufw manage defaults #85 [enhancement] (fitz123)
• replace ignore_errors to failed_when to supress ugly error warnings #81 [enhancement] (fitz123)
• fix bare variables usage for loops #79 [enhancement] (fitz123)
• update platforms in meta-file #69 [enhancement] (rndmh3ro)
• add webhook for ansible galaxy #68 [enhancement] (rndmh3ro)
• Move sysctl vars to defaults #67 [enhancement] (rndmh3ro)
• make sys_uid and sys_gid configurable #62 [enhancement] (rndmh3ro)
• Ansible 2.0 support #59 [enhancement] (rndmh3ro)
• use inspec as test framework #58 [enhancement] (chris-rock)
• Packages as attributes #57 [enhancement] (rndmh3ro)
• Change categories to tags for upcoming ansible 2.0 #56 [enhancement] (rndmh3ro)
• Add SINGLE and PROMPT parameters. #55 [enhancement] (rndmh3ro)
• add changelog generator #54 [enhancement] (chris-rock)

Fixed bugs:

• Task "set 10.hardcore.conf perms to 0400 and root ownership" fails in check mode #313 [bug] [patch]
• Inconsistent use of role vars/role defaults #284 [bug]
• Is it safe to use on Debian 10? The build is failing. #281 [bug]
• /etc/login.defs alters centos 7/8 default values #265 [bug] [help wanted]
• Invalid Conditionals in user_accounts.yml #255 [bug]
• auth-system related files are created for non-RHEL systems e.g. Debian #247 [bug]
• NSA website links are stale #227 [bug] [hacktoberfest] [help wanted]
• Running ansible on python3 throughs "TypeError: '<=' not supported between instances of 'str' and 'int'" #223 [bug]

• lots of

• squash_actions deprecation warning #218 [bug] [help wanted]
• login.defs.j2 template: ENV_PATH is missing ':' before variable substitution #202 [bug]
• auditd causing v5.0 to fail on unpriviledged LXC's #191 [bug]
• Setting os_security_users_allow has no effect #175 [bug]
• minimize_access: maximum recursion depth exceeded on Ansible 2.5 #171 [bug]
• wrong permissions passwdqc #170 [bug]
• 'sysctl_rhel_config' is undefined #167 [bug]
• Update deprecated include statements #166 [bug]
• Strongly recommend against disabling vfat by default #162 [bug]
• bug in ufw.j2 template #151 [bug]
• Add a "don't fail on error" switch ? #148 [bug]
• System completely unresponsive after role execution #145 [bug]
• Why is rsync removed? #141 [bug]
• RHEL 7.4: Too many setuid bits removed #140 [bug] [help wanted]
• Change system accounts not on the user provided ignore-list items are not JSON serializable #125 [bug]
• playbook makes OS undetectable #124 [bug]
• Centos7/RHEL7: Exec shield is enabled by default and not manageable anymore by sysctl.conf #118 [bug]
• Could not find gem 'ruby (>= 2.1.0)' #116 [bug]
• os_security_kernel_enable_sysrq is not implemented #115 [bug]
• The task sysctl fails when /etc/initramfs-tools is not present #111 [bug]
• The role fails when conditionally included #105 [bug]
• Deprecation warning always_run #103 [bug]
• CentOS 7 selinux dependencies #102 [bug]
• ubuntu xenial warning during activate gpg-check for yum-repos #99 [bug]
• rhel_system_auth.j2 is still using pam_passwdqc.so for CentOS 7 #98 [bug]
• Centos 7.1 fails at [Change various sysctl-settings on rhel-hosts...] #74 [bug]
• Enable pam_pwquality in rhel-family > 7 #73 [bug] [help wanted]
• Hardening fails on Centos 7.1 at task 'minimize access' #71 [bug] [help wanted]
• "irc" user always changed after reboot #53 [bug] [help wanted]
• use touch for 10.hardcore.conf to avoid problems with dry-run #314 [bug] [patch] (schurzi)
• use touch with no date changes #310 [bug] [patch] (rndmh3ro)
• do not touch sysctl file to avoid idempotency problems #309 [bug] [patch] (rndmh3ro)
• replace module parameter fixed #297 [bug] [patch] (danielkubat)
• Addressing issue #255 #258 [bug] (ljkimmel)
• Fix #247, cleanup conditions #248 [bug] (fernandezcuesta)
• Fix error on applying the sysctl vars on containers #243 [bug] (ghost)
• Update location of NSA RHEL 5 Guide #235 [bug] (jaredledvina)
• Fix typo #212 [bug] (ruslo)
• Update modprobe to 0644 #211 [bug] (joshuatalb)
• Test Kitchen Vagrant Fixes #210 [bug] (joshuatalb)

• readme

• fix ansible lint remarks #204 [bug] (rndmh3ro)
• add colon to user env paths - fix #202 #203 [bug] (rndmh3ro)
• add /usr/bin/su to suid_guid whitelist #199 [bug] (ccolic)
• ensure that permissions to su-binary are not restricted to root user and group only, if os_security_users_allow contains the value change_user #197 [bug] (szEvEz)
• do not install passwdqc on amazon linux #189 [bug] (rndmh3ro)
• add back run opts for debian 8 in travis #184 [bug] (rndmh3ro)
• Fix core dump config file creation when core dumps are disabled #182 [bug] (Normo)
• change minimize access method #181 [bug] (rndmh3ro)
• Fix errors produced by ansible-lint #159 [bug] (zbrojny120)
• replace single ticks with double ticks. fix #151 #152 [bug] (rndmh3ro)
• fixed tag #149 [bug] (martinbydefault)
• Remove rsync from package blacklist #142 [bug] (duk3luk3)
• Updates "tags" parameters on includes in main.yml #66 [bug] (conorsch)
• Suid set def var, fix #64 #63 [bug] (rndmh3ro)

Closed issues:

• Any planned support for RHEL/CentOS 8? #298
• Consider using find module instead of shell #293
• Optimize logical OR in when clause #292
• vfat added to dev-sec.conf, but efi is used #288
• The state of the galaxy release #269
• OpenSUSE Support #249
• ansible hardening fails on ubuntu 16.04 with msg": "ERROR! 'sysctl_rhel_config' is undefined #147
• Enhancement: Test with TestInfra and Molecule #128
• Enhancement: Pin python dependencies for development and testing #127
• Update readme to include baselines #122
• Error running on RHEL 7 due to syntax issues #112
• disable password age #109
• Permissions on /etc/shadow can lock out GUI users #86
• network related sysctl rewritten by ufw in ubuntu #82
• ansible >= 2.0 complains: Using bare variables is deprecated #78
• Hardening fails on Centos 7.1 at task 'remove suid/sgid bit from all binaries except in system and user whitelist' #72
• ansible 2.0 | "remove suid/sgid" task fails #64
• Custom sysctl #50
• Fix directory structure. #48
• pam auth update error #47
• ansible-os-hardening/tasks/minimize_access.yml #38
• Role configuration. vars/main.yml? #34
• Sysctl reloading #18
• Add conditions for disabling of ip forwarding #15
• Disable System Accounts #6

Merged pull requests:

• prettier markdown files action added #322 (danielkubat)
• adjust permissions on shadow file on suse #311 [patch] (rndmh3ro)
• fix fedora build #296 (rndmh3ro)
• do not blacklist used filesystems #289 [patch] (schurzi)
• move hidepid vars into defaults so theyre overwritable #285 [patch] (rndmh3ro)
• install procps in debian so sysctl.conf exists #282 [patch] (rndmh3ro)
• move defaults to os-specific vars #157 (rndmh3ro)
• Converts set to JSON-serializable list #126 (pestaa)
• add more sysctl settings, allow overwriting #120 (rndmh3ro)
• remove execshield sysctl-parameter on rhel7 #119 (rndmh3ro)
• change shadow owner in debian systems #117 (rndmh3ro)
• Rhel7 #113 (tyrken)
• use new Docker images #110 (rndmh3ro)
• Don’t refer to this role as "playbook" in the role description #104 (ypid)
• update template #101 (rndmh3ro)
• fix deprecation warning for undefined error. #99 #100 (rndmh3ro)
• add rhel7 pam_pwquality. fix #73 #94 (rndmh3ro)
• Fix a formatting issue in readme. #92 (vivekagr)
• Permits overriding permissions on /etc/shadow #89 (conorsch)
• Release 3.0.0 #75 (rndmh3ro)
• Add explicit role-path to kitchen.yml #52 (rndmh3ro)
• Fix pam passwdqc template #51 (rndmh3ro)
• New dir layout #49 (rndmh3ro)
• remove duplicate "update pam" task #46 (fitz123)
• Fix stuck in case pam files was updated before by force update #45 (fitz123)
• Fix nologin shell path #44 (fitz123)
• improved travis-tests to cover more cases #42 (rndmh3ro)
• Update kitchen-ansible, remove separate debian install #40 (rndmh3ro)
• Add mode to su-binary task. Fix #38 #39 (rndmh3ro)
• update common kitchen.yml platforms ansible, kitchen_debian.yml platforms ansible #37 (chris-rock)
• Change oneliner if-statements to be more readable #36 (rndmh3ro)
• Separate system-vars from editable vars. Fix #34 #35 (rndmh3ro)
• Create limits.d-directory if it does not exist. #33 (rndmh3ro)
• Add correct CONTRIB-file #32 (rndmh3ro)
• Add Ansible Galaxy badge #31 (rndmh3ro)
• Update readme, todo, changelog, vars #30 (rndmh3ro)
• List-cleanup and follow symlinks added #29 (rndmh3ro)
• Add module configuration #28 (rndmh3ro)
• Fix two sysctl-settings #27 (rndmh3ro)
• Add meta-files for Ansible Galaxy #26 (rndmh3ro)
• Disable System Accounts. Fix #6 #25 (rndmh3ro)
• Use changed_when to avoid changed tasks #24 (rndmh3ro)
• Delete authconfig-task on rhel-systems #23 (rndmh3ro)
• Add missing rhosts-include task #21 (rndmh3ro)
• Change sysctl-task. Fix #18 #20 (rndmh3ro)
• Add travis-support #17 (rndmh3ro)
• Add conditions for various tasks. Fix #15 #16 (rndmh3ro)
• fix configuration of playbook path #14 (chris-rock)
• Make tasks clearer #13 (rndmh3ro)
• Add remove suid/sgid function #12 (rndmh3ro)
• Add task to remove unused repos and pkgs #11 (rndmh3ro)
• Edit README to fit to os-hardening #10 (rndmh3ro)
• ignore RAs on Ipv6 #9 (rndmh3ro)
• Repair debian install script #8 (rndmh3ro)
• Separate tasks into multiple smaller files #7 (rndmh3ro)
• Enable gpg-check on all yum-repositories #5 (rndmh3ro)
• Change playbook-path to accomodate test-repo #4 (rndmh3ro)
• treat securetty config as an array #3 (arlimus)
• Add Securetty-support #2 (rndmh3ro)
• Add profile.conf configuration #1 (rndmh3ro)

* This Changelog was automatically generated by github_changelog_generator