7.14.3

Changelog

7.14.3 (2022-06-29)

Full Changelog

Closed issues:

• Version 7.14.2 not released to Ansible Galaxy #544
• os_hardening role: os_ignore_users not described in the Readme's variable topic #542
• doc: incorrect description for ssh_client_alive_count #540
• 'legacy' branch is mentioned in README, but apparently doesn't exist #539
• ansible_role_name is undefined #532
• Can't sudo anymore after hardening #518
• Any planned official support for RHEL/CentOS Stream 9? #517

Merged pull requests:

• Improve documentation #541 [ssh_hardening] (schurzi)

7.14.2

Changelog

7.14.2 (2022-02-28)

Full Changelog

Fixed bugs:

• debian 9's nginx doesn't support tls1.3 #526 [nginx_hardening] (rndmh3ro)
• Change permissions of the tmout.sh file #520 [os_hardening] (abejotaR)

Closed issues:

• No such file directory error triggered by the kernel.unpriviliged_userns_clone configuration. #514

Merged pull requests:

• delete obsolete release drafts #530 (schurzi)
• add waivers to skip controls #529 [os_hardening] (rndmh3ro)
• remove centos8 tests #525 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)

7.14.1

Changelog

7.14.1 (2022-02-18)

Full Changelog

Fixed bugs:

• move sysctls to debian specific vars #524 [os_hardening] (rndmh3ro)

Closed issues:

• Error when using the ssh_hardening role #519
• No such file directory error triggered by the kernel.unpriviliged_userns_clone configuration. #514

7.14.0

Changelog

7.14.0 (2021-12-16)

Full Changelog

Implemented enhancements:

• Add option to set timeout in seconds to logout users #516 [os_hardening] (lbayerlein)
• add feature to disable coredump to limit task #511 [os_hardening] (lbayerlein)
• Updated dh_params to 4096 #501 [nginx_hardening] (ksaadDE)

Fixed bugs:

• Fix duplicate sysctl config in fs #505 [os_hardening] (tekicat)

Closed issues:

• Roll back the changes #512
• Installing collection at tag 7.13.2 is defaulting to 7.12.0 each time #508
• Duplication of sysctl default parameter fs.protected_hardlinks and fs.protected_symlinks #502

Merged pull requests:

• Feature coredump #513 [os_hardening] (rndmh3ro)
• change hidepid mount task state to mounted #510 [os_hardening] (alegrey91)
• prettify nginx options #509 [nginx_hardening] (schurzi)
• Update nginx_add_header README to match default #506 [nginx_hardening] (duffn)

7.13.2

Changelog

7.13.1

Changelog

7.13.1 (2021-11-23)

Full Changelog

Closed issues:

• Unable to use 7.13.0 Release #503

7.13.0

Changelog

7.13.0 (2021-11-15)

Full Changelog

Implemented enhancements:

• os_hardening: Provide a whitelist for yum repositories with non-signed RPMs #485
• Disable ctrl-alt-del key combination #496 [os_hardening] (lbayerlein)
• implement sysctl-34 - link protection settings #494 [os_hardening] (rndmh3ro)
• Add TLSv1.3 to nginx default configuration #470 [nginx_hardening] (ksaadDE)

Closed issues:

• Please create the collection in ansible-galaxy #407

Merged pull requests:

• Improve testing: install packages on Arch Linux #499 [os_hardening] [ssh_hardening] (darxriggs)
• add old role names to tags in Galaxy #495 (schurzi)
• update minimum ansible version for roles #493 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• revive old tests with custom ssh settings #491 (rndmh3ro)
• Add whitelist option for yum repository files #487 [os_hardening] (darxriggs)

7.12.0

Changelog

7.12.0 (2021-10-21)

Full Changelog

Implemented enhancements:

• feat(os_hardening): extend file permission tasks to cover more files #489 [os_hardening] (cmhe)

Fixed bugs:

• mysql remove deprecated 'secure_auth' parameter in mysql #346
• change baseline urls to full zip-url #490 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• fix filter error in ansible.builtin.file mode parameter #486 [ssh_hardening] (ssttehrani)

Closed issues:

• Extend os_hardening minimize_access task to cover additional passwd/group/shadow/gshadow paths #488
• postgresql_hardening role #484
• os_hardening fails on "Create a combined sysctl-dict if overwrites are defined" task #482
• Improve changelog generation #381

7.11.0

Changelog

7.11.0 (2021-08-30)

Full Changelog

Implemented enhancements:

• Use log_error file and datadir from mysql_info settings instead of variables mysql_datadir and mysql_hardening_log_file #478 [mysql_hardening] (123quhiwiwk)
• Execute check of MySQL error logfile permissions on Debian 11 only when log_error is defined #477 [mysql_hardening] (123quhiwiwk)
• [mysql_hardening] Setup defaults for MySQL on FreeBSD #474 [mysql_hardening] (sdwilsh)

Closed issues:

• MariaDB hardening fails, because log_error file is missing [Debian 11] #476

Merged pull requests:

• ssh_allow_tcp_forwarding is not a boolean #480 [ssh_hardening] (ReinerNippes)
• chore(ssh_hardening): set min_ansible_version to >=2.9.10 #479 [ssh_hardening] (bufferoverflow)

7.10.0

Changelog

7.10.0 (2021-08-15)

Full Changelog

Fixed bugs:

• mysql_hardening cannot work with mysql on freebsd #472

Closed issues:

• run ansible-lint only once in Github Actions #398

Merged pull requests:

• use Ansible lint in separate task #475 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• [mysql_hardening] Allow setting the mysql_distribution #473 [mysql_hardening] (sdwilsh)
• SSH Hardening: backtick typo #471 [ssh_hardening] (Slamdunk)
• fix license in galaxy #469 (rndmh3ro)