mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-11-10 09:14:18 +00:00
12 KiB
12 KiB
Change Log
Unreleased
Implemented enhancements:
- Supports --check mode #93 (conorsch)
- Adds support for CentOS 7 #91 (conorsch)
- Docker #90 (rndmh3ro)
- debian 8 support #88 (rndmh3ro)
- Ufw manage defaults #85 (fitz123)
- replace ignore_errors to failed_when to supress ugly error warnings #81 (fitz123)
- fix bare variables usage for loops #79 (fitz123)
Fixed bugs:
- Centos 7.1 fails at [Change various sysctl-settings on rhel-hosts...] #74
- Hardening fails on Centos 7.1 at task 'minimize access' #71
Closed issues:
- Permissions on /etc/shadow can lock out GUI users #86
- network related sysctl rewritten by ufw in ubuntu #82
- ansible >= 2.0 complains: Using bare variables is deprecated #78
- Norm-Audit-Hardening-Audit #76
Merged pull requests:
- Fix a formatting issue in readme. #92 (vivekagr)
- Permits overriding permissions on /etc/shadow #89 (conorsch)
3.0.0 (2016-03-13)
Implemented enhancements:
- update platforms in meta-file #69 (rndmh3ro)
- add webhook for ansible galaxy #68 (rndmh3ro)
- Move sysctl vars to defaults #67 (rndmh3ro)
- make sys_uid and sys_gid configurable #62 (rndmh3ro)
- Ansible 2.0 support #59 (rndmh3ro)
- use inspec as test framework #58 (chris-rock)
- Packages as attributes #57 (rndmh3ro)
- Change categories to tags for upcoming ansible 2.0 #56 (rndmh3ro)
- Add SINGLE and PROMPT parameters. #55 (rndmh3ro)
- add changelog generator #54 (chris-rock)
Fixed bugs:
- Updates "tags" parameters on includes in main.yml #66 (conorsch)
- Suid set def var, fix #64 #63 (rndmh3ro)
- ERROR! Include tasks should not specify tags in more than one way #60 (fitz123)
Closed issues:
- Hardening fails on Centos 7.1 at task 'remove suid/sgid bit from all binaries except in system and user whitelist' #72
- ansible 2.0 | "remove suid/sgid" task fails #64
- Custom sysctl #50
Merged pull requests:
2.0.0 (2015-11-28)
Closed issues:
Merged pull requests:
- Add explicit role-path to kitchen.yml #52 (rndmh3ro)
- Fix pam passwdqc template #51 (rndmh3ro)
- New dir layout #49 (rndmh3ro)
- remove duplicate "update pam" task #46 (fitz123)
- Fix stuck in case pam files was updated before by force update #45 (fitz123)
- Fix nologin shell path #44 (fitz123)
- improved travis-tests to cover more cases #42 (rndmh3ro)
1.0.0 (2015-09-01)
Closed issues:
- ansible-os-hardening/tasks/minimize_access.yml #38
- Role configuration. vars/main.yml? #34
- Sysctl reloading #18
- Add conditions for disabling of ip forwarding #15
- Disable System Accounts #6
Merged pull requests:
- Update kitchen-ansible, remove separate debian install #40 (rndmh3ro)
- Add mode to su-binary task. Fix #38 #39 (rndmh3ro)
- update common kitchen.yml platforms
ansible
, kitchen_debian.yml platformsansible
#37 (chris-rock) - Change oneliner if-statements to be more readable #36 (rndmh3ro)
- Separate system-vars from editable vars. Fix #34 #35 (rndmh3ro)
- Create limits.d-directory if it does not exist. #33 (rndmh3ro)
- Add correct CONTRIB-file #32 (rndmh3ro)
- Add Ansible Galaxy badge #31 (rndmh3ro)
- Update readme, todo, changelog, vars #30 (rndmh3ro)
- List-cleanup and follow symlinks added #29 (rndmh3ro)
- Add module configuration #28 (rndmh3ro)
- Fix two sysctl-settings #27 (rndmh3ro)
- Add meta-files for Ansible Galaxy #26 (rndmh3ro)
- Disable System Accounts. Fix #6 #25 (rndmh3ro)
- Use changed_when to avoid changed tasks #24 (rndmh3ro)
- Delete authconfig-task on rhel-systems #23 (rndmh3ro)
- Add missing rhosts-include task #21 (rndmh3ro)
- Change sysctl-task. Fix #18 #20 (rndmh3ro)
- Add travis-support #17 (rndmh3ro)
- Add conditions for various tasks. Fix #15 #16 (rndmh3ro)
- fix configuration of playbook path #14 (chris-rock)
- Make tasks clearer #13 (rndmh3ro)
- Add remove suid/sgid function #12 (rndmh3ro)
- Add task to remove unused repos and pkgs #11 (rndmh3ro)
- Edit README to fit to os-hardening #10 (rndmh3ro)
- ignore RAs on Ipv6 #9 (rndmh3ro)
- Repair debian install script #8 (rndmh3ro)
- Separate tasks into multiple smaller files #7 (rndmh3ro)
- Enable gpg-check on all yum-repositories #5 (rndmh3ro)
- Change playbook-path to accomodate test-repo #4 (rndmh3ro)
- treat securetty config as an array #3 (arlimus)
- Add Securetty-support #2 (rndmh3ro)
- Add profile.conf configuration #1 (rndmh3ro)
* This Change Log was automatically generated by github_changelog_generator