Skip to content

Releases: dev-sec/ansible-collection-hardening

ansible-os-hardening 4.1.0

28 Jun 14:05
Compare
Choose a tag to compare

4.1.0 (2017-06-27)

Full Changelog

Fixed bugs:

  • Change system accounts not on the user provided ignore-list items are not JSON serializable #125

Closed issues:

  • Enhancement: Pin python dependencies for development and testing #127
  • Update readme to include baselines #122

Merged pull requests:

  • Converts set to JSON-serializable list #126 (pestaa)
  • add more sysctl settings, allow overwriting #120 (rndmh3ro)

ansible-os-hardening 4.0.0

22 Apr 18:50
Compare
Choose a tag to compare

4.0.0 (2017-03-14)

Full Changelog

Breaking Changes:

  • remove support for ansible 1.9 #110 (rndmh3ro)
    • Ansible 1.9 is not supported anymore

Implemented enhancements:

  • Description of the Ansible roles of dev-sec says "This Ansible playbook" #97
  • install initramfs-tools #114 (rndmh3ro)
  • omit empty variables #106 (rndmh3ro)

Fixed bugs:

  • The role fails when conditionally included #105
  • omit empty variables #106 (rndmh3ro)
  • Could not find gem 'ruby (>= 2.1.0)' #116
  • The task sysctl fails when /etc/initramfs-tools is not present #111
  • Deprecation warning always_run #103

Closed issues:

  • Error running on RHEL 7 due to syntax issues #112
  • disable password age #109

Merged pull requests:

ansible-os-hardening 3.2.0

24 Oct 13:34
Compare
Choose a tag to compare

3.2.0 (2016-10-24)

Full Changelog

Fixed bugs:

  • CentOS 7 selinux dependencies #102
  • ubuntu xenial warning during activate gpg-check for yum-repos #99
  • rhel_system_auth.j2 is still using pam_passwdqc.so for CentOS 7 #98
  • Enable pam_pwquality in rhel-family > 7 #73
  • "irc" user always changed after reboot #53

Merged pull requests:

ansible-os-hardening 3.1.0

03 Aug 17:27
Compare
Choose a tag to compare

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Centos 7.1 fails at [Change various sysctl-settings on rhel-hosts...] #74
  • Hardening fails on Centos 7.1 at task 'minimize access' #71

Closed issues:

  • Permissions on /etc/shadow can lock out GUI users #86
  • network related sysctl rewritten by ufw in ubuntu #82
  • ansible >= 2.0 complains: Using bare variables is deprecated #78
  • Norm-Audit-Hardening-Audit #76

Merged pull requests:

  • Fix a formatting issue in readme. #92 (vivekagr)
  • Permits overriding permissions on /etc/shadow #89 (conorsch)

ansible-os-hardening 3.0.0

13 Mar 19:33
Compare
Choose a tag to compare

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Updates "tags" parameters on includes in main.yml #66 (conorsch)
  • Suid set def var, fix #64 #63 (rndmh3ro)
  • ERROR! Include tasks should not specify tags in more than one way #60 (fitz123)

Closed issues:

  • Hardening fails on Centos 7.1 at task 'remove suid/sgid bit from all binaries except in system and user whitelist' #72
  • ansible 2.0 | "remove suid/sgid" task fails #64
  • Custom sysctl #50

ansible-os-hardening 2.0.0

28 Nov 20:52
Compare
Choose a tag to compare
  • Fix a bug in the passwdqc template (#51)
  • Change directory layout so the role is easily installable from ansible-galaxy (#49)
  • improved travis-tests to cover more cases (#42)

Thanks, @fitz123 for the following fixes!

  • Fix passwdqc default options (#44)
  • remove duplicate "update pam" task (#46)
  • Fix stuck in case pam files was updated before by force update (#45)
  • Fix nologin shell path (#44)

ansible-os-hardening 1.0.0

04 Sep 17:55
Compare
Choose a tag to compare
  • Implement os-hardening to meet our tests
  • Enable GPG-checking on all yum-repository files #5
  • Disable system accounts #6
  • Module-loading configuration #22
  • Travis support #17
  • Separate system-vars from editable vars. #34
  • Add mode to su-binary task. #39
  • Change oneliner if-statements to be more readable #36
  • Create limits.d-directory if it does not exist. #33