Releases: dev-sec/ansible-collection-hardening
Releases · dev-sec/ansible-collection-hardening
8.3.0
Changelog
8.3.0 (2022-10-27)
Implemented enhancements:
- add hardening of root user account(s) #579 [os_hardening] (donestefan)
Fixed bugs:
- os_auth_retries variable causes a comparison type error on pam tasks #593
- cast expected int types in pam tasks #594 [os_hardening] (dlouzan)
- do not manage trusted user ca keys if none exist #580 [ssh_hardening] (hollow)
Closed issues:
- Trying to run the os_hardening on Debian 11, but fails on privilege escalation #587
- auditd increasing logfiles #586
- Path to nginx.conf should be configurable in a variable #577
Merged pull requests:
- adopt all current suggestions from ansible-lint #592 [mysql_hardening] [os_hardening] [ssh_hardening] (schurzi)
- Support more os #588 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
- run tests only on pushes to master or to PRs #581 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
8.2.0
Changelog
8.2.0 (2022-09-08)
Implemented enhancements:
- Add nginx variables for config-path and owner/group #578 [nginx_hardening] (hagenbauer)
- add centos >8 Support #573 [ssh_hardening] (sbaerlocher)
- add always-tag to include so other tags can be used #569 [os_hardening] (rndmh3ro)
Closed issues:
- Bug using os_hardening "tags" #567
8.1.0
Changelog
8.1.0 (2022-08-26)
Implemented enhancements:
- add always-tag to include so other tags can be used #569 [os_hardening] (rndmh3ro)
Closed issues:
- Bug using os_hardening "tags" #567
- dev-sec CI bot should not update CHANGELOG.md in fork repository #566
Merged pull requests:
- update supported OS in meta and fix linting #572 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
- fix misleading comment #571 [os_hardening] (donestefan)
- only run release actions on upstream-repo #568 (rndmh3ro)
8.0.0
Changelog
8.0.0 (2022-08-22)
Breaking changes:
- change default to allow SFTP #564 [ssh_hardening] (schurzi)
Implemented enhancements:
- add possibility to keep .netrc files in users homedir #563 [os_hardening] (PhilippFunk)
- rework filesystem hardening #555 [os_hardening] (divialth)
Closed issues:
- Error in Task 'Create sshd_config and set permissions to root/600' #565 [ssh_hardening]
- [ssh_hardening] Debian 11 - Ansible cannot transfer files #557
- Add the old SFTP-Reminder to the stable ssh_hardening role for ansible #521
7.16.0
Changelog
7.16.0 (2022-08-16)
Implemented enhancements:
- revert debian 9 change, only one tls variable now #562 [nginx_hardening] (rndmh3ro)
- add posibility to run ssh_hardening as unprivileged user #561 [ssh_hardening] (schurzi)
- add basic support for ubuntu22.04 #554 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (schurzi)
- Add full support for Debian 11 #538 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (addianto)
Fixed bugs:
- Replace default 2048 bits RSA keypair fails on Ubuntu 20.04 #459
Closed issues:
7.15.1
Changelog
7.15.1 (2022-07-26)
Fixed bugs:
- Fix broken mode for /var/log/audit #552 [os_hardening] (hollow)
Merged pull requests:
- Only run hardening if /var/log/audit exists #550 [os_hardening] (mego22)
7.15.0
Changelog
7.15.0 (2022-07-11)
Implemented enhancements:
- Harden mountpoints #531 [os_hardening] (lbayerlein)
Fixed bugs:
- os_hardening gpg-check enabled fails on success #549 [os_hardening]
- add VM tests for os_hardening #547 [os_hardening] (schurzi)
- Linting #546 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
7.14.3
Changelog
7.14.3 (2022-06-29)
Closed issues:
- Version 7.14.2 not released to Ansible Galaxy #544
- os_hardening role: os_ignore_users not described in the Readme's variable topic #542
- doc: incorrect description for ssh_client_alive_count #540
- 'legacy' branch is mentioned in README, but apparently doesn't exist #539
- ansible_role_name is undefined #532
- Can't sudo anymore after hardening #518
- Any planned official support for RHEL/CentOS Stream 9? #517
Merged pull requests:
- Improve documentation #541 [ssh_hardening] (schurzi)
7.14.2
Changelog
7.14.2 (2022-02-28)
Fixed bugs:
- debian 9's nginx doesn't support tls1.3 #526 [nginx_hardening] (rndmh3ro)
- Change permissions of the tmout.sh file #520 [os_hardening] (abejotaR)
Closed issues:
- No such file directory error triggered by the kernel.unpriviliged_userns_clone configuration. #514
Merged pull requests:
- delete obsolete release drafts #530 (schurzi)
- add waivers to skip controls #529 [os_hardening] (rndmh3ro)
- remove centos8 tests #525 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
7.14.1
Changelog
7.14.1 (2022-02-18)
Fixed bugs:
- move sysctls to debian specific vars #524 [os_hardening] (rndmh3ro)
Closed issues: