Releases: dev-sec/ansible-collection-hardening
Releases · dev-sec/ansible-collection-hardening
7.6.0
Changelog
7.6.0 (2021-04-27)
Implemented enhancements:
Fixed bugs:
Closed issues:
- Support HostKeyAlgorithms configuration for ssh_client file #441
Merged pull requests:
- fixed a typo in comments #439 (ssttehrani)
7.5.0
Changelog
7.5.0 (2021-04-01)
Implemented enhancements:
Fixed bugs:
- SSH kex [email protected] replaced #433
- Fix ssh kex [email protected] for openssh >= 8.5 #437 (BenjaminBoehm)
Closed issues:
- Harden user home directories #276
Merged pull requests:
- remove secure-auth param if mysql >= 8.0.3 #438 (rndmh3ro)
- Improved comments. #436 (joubbi)
- os_auth_pam_pwquality_options: Changed type to authtok_type #432 (joubbi)
- add restart-auditd handler after configuration change #427 (rndmh3ro)
- add new tasks to delete mysql users without passwords #423 (rndmh3ro)
- Uppercased first letter of task names. #422 (joubbi)
7.4.0
Changelog
7.4.0 (2021-03-23)
Closed issues:
- Errors in packer build for vagrant builder #244
Merged pull requests:
- Use pam_pwhistory.so instead of pam_unix.so for remembering old passwords #431 (joubbi)
- Remove comments from PAM config file, but keep it in the template #430 (joubbi)
- add support for using a proxy to test with molecule #429 (rndmh3ro)
- Harden user home dirs #428 (rndmh3ro)
- Improve Documentation for sysctl defaults #418 (joubbi)
- Ensure permissions on /etc/crontab are configured #405 (joubbi)
7.3.0
Changelog
7.3.0 (2021-03-16)
Implemented enhancements:
- pam_tally2 is deprecated in RHEL8 and pam_faillock should be used in EL7 and EL8 instead. #377
- Replace pam_tally2 with pam_faillock in Redhat #273
- Extend GSSAPI configuration support to ssh_config #403 (wzzrd)
- add restart handler variable for mysql role #399 (rndmh3ro)
- restructure PAM handling and update for currently supported Linux distributions #392 (schurzi)
Fixed bugs:
- Not able to use
sudocommand for user authenticated via ActiveDirectory #278 - You shouldn't touch /etc/pam.d/system-auth-ac in RedHat/CentOS #252
Closed issues:
- Netdata monitoring of docker in docker no longer possible #412
- Unable to connect with SSH (Permission denied (publickey)) #411
- TASK [os_hardening : configure auditd | package-08] #410
- Collection throws undefined ansible_role_name error in auditd task #409
- Ensure permissions on /etc/crontab are configured #375
- Documentation should be updated #361
Merged pull requests:
- Improve Release Action #421 (schurzi)
- remove FQCN from roles in examples #420 (schurzi)
- Ensure permissions on /etc/crontab are configured #405 (joubbi)
- remove FQCN from roles in examples #404 (schurzi)
- do not install mysql python package on target host #401 (rndmh3ro)
- make wrong password fail task #400 (rndmh3ro)
7.2.0
Changelog
7.2.0 (2021-02-10)
Implemented enhancements:
- Add variable to specify SSH host RSA key size #394 (Normo)
- Set default for ssh host key files only when hardening the server #393 (Normo)
Fixed bugs:
- A reason why instance would go in rescue mode ? #267
- fix galaxy action to update local galaxy.yml #395 (Normo)
Closed issues:
- Updating version in galaxy.yml should be part of the release process #396
- ssh_hardening fail on keypair generation #388
- The system must display the date and time of the last successful account logon upon an SSH logon. #362
- Error in "root password is present" step #326
Merged pull requests:
- update ansible-lint to version 5 #397 (schurzi)
- fix minimum required ansible version in docs #390 (schurzi)
* This Changelog was automatically generated by github_changelog_generator
7.1.1
Changelog
7.1.1 (2021-02-05)
Fixed bugs:
Closed issues:
- ssh_hardening fail on keypair generation #388
- AnsibleUndefinedVariable: 'ansible_role_name' is undefined with 7.1.0 #387
Merged pull requests:
* This Changelog was automatically generated by github_changelog_generator
7.1.0
Changelog
7.1.0 (2021-02-02)
Implemented enhancements:
- Default value for ssh_max_startups should be changed #366
- Comment in configuration files should state which collection was there #345
- Error on applying the sysctl vars on Debian Jessy #230
- add Support for OpenSSH HostCertificate config option #380 (mpraeger)
- Syncookie #372 (joubbi)
- Sorted sysctl values and lists in READMEs alphabetically (No functional changes). #371 (joubbi)
- make auditd 'max_log_file' configurable #370 (tgueldner-mms)
- reduce maximum unauthenticated ssh sessions #368 (schurzi)
- add a runtime.yml to declare minimum ansible version #363 (rndmh3ro)
- change inclusion of os specific defaults #353 (schurzi)
- make the os_env_umask variable usable #351 (sprat)
- Fix #348: make ssh configuration files paths configurable #350 (sprat)
- Removed Protocol statement in later versions of sshd, since the code … #342 (joubbi)
- Improvements of comments in opensshd.conf.j2 #338 #339 (joubbi)
Fixed bugs:
- Comments in opensshd.conf.j2 should be improved #338
- check for correct cpu vendor in initramfs-tools #374 (schurzi)
- set hidepid=0 on RHEL/CentOS 7 #369 (schurzi)
Closed issues:
- initramfs-tools modules.j2 does not seem to be able to detect AMD CPUs #373
- How do i install this on Centos 8? #367
- hidepid=2 gives error when running systemctl on EL7 #364
- Allow putting the ssh/sshd config in alternative files #348
- os_env_umask has no effect #344
- Don't modify /etc/sysctl.conf #343
Merged pull requests:
- use version tag for changelog action #386 (schurzi)
- make release workflow manually runnable #384 (schurzi)
- run labeler workflow with higher privileges #383 (schurzi)
- remove issue labels from changelog #382 (schurzi)
- Added comment on top of templates about which role manages the file #378 (joubbi)
- Regenerate RSA key with size 4096 bits #376 (ssttehrani)
- fix second changelog generation task, too #349 (rndmh3ro)
- fix changelog generation #341 (rndmh3ro)
- Improve README for ssh_hardening #335 (szEvEz)
* This Changelog was automatically generated by github_changelog_generator
7.0.0
7.0.0 (2020-11-11)
Breaking changes:
Implemented enhancements:
- Breaking change in ansible-lint - set file permissions explicitly #299 [enhancement] [minor] [os_hardening]
- Improve Documentation #315 [enhancement] [os_hardening] (schurzi)
- Arch support #303 [enhancement] [minor] [os_hardening] (rndmh3ro)
- fix linting for molecule #301 [enhancement] [os_hardening] [patch] (schurzi)
- file permissions explicitly defined #300 [enhancement] [minor] [os_hardening] (danielkubat)
Fixed bugs:
- Task "set 10.hardcore.conf perms to 0400 and root ownership" fails in check mode #313 [bug] [patch]
- use touch for 10.hardcore.conf to avoid problems with dry-run #314 [bug] [patch] (schurzi)
- use touch with no date changes #310 [bug] [patch] (rndmh3ro)
- do not touch sysctl file to avoid idempotency problems #309 [bug] [patch] (rndmh3ro)
Closed issues:
- Any planned support for RHEL/CentOS 8? #298
Merged pull requests:
- prettier markdown files action added #322 (danielkubat)
- adjust permissions on shadow file on suse #311 [patch] (rndmh3ro)
6.2.0
Changelog
6.2.0 (2020-08-17)
Implemented enhancements:
- Optimize and unify when clause #295 (Alexhha)
- use find module instead of shell #294 (danielkubat)
- improve testing #287 (schurzi)
Fixed bugs:
- Inconsistent use of role vars/role defaults #284
- replace module parameter fixed #297 (danielkubat)
Closed issues:
- Consider using find module instead of shell #293
- Optimize logical OR in when clause #292
- vfat added to dev-sec.conf, but efi is used #288
- OpenSUSE Support #249
Merged pull requests:
- fix fedora build #296 (rndmh3ro)
- do not blacklist used filesystems #289 (schurzi)
- move hidepid vars into defaults so theyre overwritable #285 (rndmh3ro)
* This Changelog was automatically generated by github_changelog_generator
6.1.0
Changelog
6.1.0 (2020-07-21)
Implemented enhancements:
Fixed bugs:
- Is it safe to use on Debian 10? The build is failing. #281
Closed issues:
- The state of the galaxy release #269
Merged pull requests:
* This Changelog was automatically generated by github_changelog_generator