Skip to content

Releases: chzerv/ansible-role-security

v0.8

25 May 11:02
@chzerv chzerv
v0.8
c0ce919
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.8 Latest
Latest

Breaking Changes ⚠️⚠️⚠️

  • Drop support for Achlinux
  • Drop support for RHEL <= 7
  • Remove the security_fail2ban_banaction variable
    • For Debian-based systems, fail2ban's default banaction will be used
    • For RedHat-based systems, if firewalld is running, it will be used as the banaction
      • This can be controlled via the security_fail2ban_use_firewalld_on_rhel variable

Other Changes

  • Creation of a fail2ban ssh jail can now be controlled via the security_fail2ban_add_ssh_jail variable (defaults to true)
  • unattanded-upgrades can now pull updates from ESMA (Extended Security Maintenance), if available
  • Project dependencies are now managed via Nix flakes

Minor fixes

  • Some typos
  • Use FQDNs for module names
  • Comply to ansible-lint rules

Testing

  • Test using molecule-vagrant instead of docker
Assets 2
Loading

Drop PAM-related configuration

10 Jan 09:19
@chzerv chzerv
v0.7
dac0430
Compare
Choose a tag to compare
Drop PAM-related configuration

The code for handling PAM stuff was not very robust. Since a small misconfiguration can lock the user out of their system, I've decided to drop support for PAM related configuration, other than disabling core dumps.

Assets 2
Loading

Pre-PAM removal

10 Jan 08:59
@chzerv chzerv
v0.6
3bc6593
Compare
Choose a tag to compare
Pre-PAM removal

This is the latest release that will allow the user for configuring PAM.

Assets 2
Loading