Releases: dev-sec/ansible-collection-hardening
Releases · dev-sec/ansible-collection-hardening
7.0.0
7.0.0 (2020-11-11)
Breaking changes:
Implemented enhancements:
- Breaking change in ansible-lint - set file permissions explicitly #299 [enhancement] [minor] [os_hardening]
- Improve Documentation #315 [enhancement] [os_hardening] (schurzi)
- Arch support #303 [enhancement] [minor] [os_hardening] (rndmh3ro)
- fix linting for molecule #301 [enhancement] [os_hardening] [patch] (schurzi)
- file permissions explicitly defined #300 [enhancement] [minor] [os_hardening] (danielkubat)
Fixed bugs:
- Task "set 10.hardcore.conf perms to 0400 and root ownership" fails in check mode #313 [bug] [patch]
- use touch for 10.hardcore.conf to avoid problems with dry-run #314 [bug] [patch] (schurzi)
- use touch with no date changes #310 [bug] [patch] (rndmh3ro)
- do not touch sysctl file to avoid idempotency problems #309 [bug] [patch] (rndmh3ro)
Closed issues:
- Any planned support for RHEL/CentOS 8? #298
Merged pull requests:
- prettier markdown files action added #322 (danielkubat)
- adjust permissions on shadow file on suse #311 [patch] (rndmh3ro)
6.2.0
Changelog
6.2.0 (2020-08-17)
Implemented enhancements:
- Optimize and unify when clause #295 (Alexhha)
- use find module instead of shell #294 (danielkubat)
- improve testing #287 (schurzi)
Fixed bugs:
- Inconsistent use of role vars/role defaults #284
- replace module parameter fixed #297 (danielkubat)
Closed issues:
- Consider using find module instead of shell #293
- Optimize logical OR in when clause #292
- vfat added to dev-sec.conf, but efi is used #288
- OpenSUSE Support #249
Merged pull requests:
- fix fedora build #296 (rndmh3ro)
- do not blacklist used filesystems #289 (schurzi)
- move hidepid vars into defaults so theyre overwritable #285 (rndmh3ro)
* This Changelog was automatically generated by github_changelog_generator
6.1.0
Changelog
6.1.0 (2020-07-21)
Implemented enhancements:
Fixed bugs:
- Is it safe to use on Debian 10? The build is failing. #281
Closed issues:
- The state of the galaxy release #269
Merged pull requests:
* This Changelog was automatically generated by github_changelog_generator
6.0.3
Changelog
6.0.3 (2020-06-06)
Merged pull requests:
* This Changelog was automatically generated by github_changelog_generator
6.0.2
Changelog
6.0.2 (2020-06-02)
Merged pull requests:
- purge insecure packages #275 (chris-rock)
* This Changelog was automatically generated by github_changelog_generator
6.0.1
ansible-os-hardening 6.0.0
6.0.0 (2020-04-13)
Possibly Breaking Changes:
- On systems were SELinux is installed, it is now set to
Enforcing.
Implemented enhancements:
- Configure audit=1 for more accurate auid auditing #253
- Add Debian Buster support for ansible-os-hardening #233
- Add CentOS 8 support for ansible-os-hardening #232
- Add selinux configuration #154
- Make useradd defaults in login.defs dependent on OS #266 (Aisbergg)
- Add kernel hardening parameters from Tails and CIS Benchmark #263 (kravietz)
- add ansible-lint #262 (rndmh3ro)
- Remove trailing space #261 (kravietz)
- Add kernel parameter information to README #259 (jaredledvina)
- Remove trailing whitespaces (ansible-lint 201) #254 (kravietz)
- Standardize the var ordering #251 (dustinmiller1337)
- Add intial support for OpenSUSE #250 (dustinmiller1337)
- Make max_log_file_action for auditd configurable #246 (jandd)
- Add exception in sysctl task #240 (okupriyanov)
- Fedora - Use new auto ansible_python_interpreter for dnf #239 (jaredledvina)
- add test support for CentOS8 #237 (yeoldegrove)
- Support configuring SELinux and default to enforcing #236 (jaredledvina)
- Add test support for debian buster #234 (123Haynes)
- Changed local var name to a less common one #231 (rgarrigue)
- Use ansible facts for vars #226 (joshuatalb)
Fixed bugs:
- Invalid Conditionals in user_accounts.yml #255
auth-systemrelated files are created for non-RHEL systems (e.g. Debian) #247- NSA website links are stale #227
- Running ansible on python3 throughs "TypeError: '<=' not supported between instances of 'str' and 'int'" #223
- [lots of] deprecation warnings in Ansible 2.8 #221
- Add a "don't fail on error" switch ? #148
- Addressing issue #255 #258 (ljkimmel)
- Fix #247, cleanup conditions #248 (fernandezcuesta)
- Fix error on applying the sysctl vars on containers #243 (okupriyanov)
- Update location of NSA RHEL 5 Guide #235 (jaredledvina)
Ansible-os-hardening 5.2.1
Ansible-os-hardening 5.2.0
5.2.0 (2019-05-04)
Implemented enhancements:
- Speed up "minimize access on found files" task #208
- Fedora support? #163
- remove eol'd OS and add new #217 (rndmh3ro)
- Add note about docker under warning #214 (ChrisMcKee)
- change minimize access tasks to speed them up #209 (rndmh3ro)
- Added fedora support #206 (jonaswre)
- Pass package list directly to apt and yum modules without using with_items loop #200 (Normo)
Fixed bugs:
- login.defs.j2 template: ENV_PATH is missing ':' before variable substitution #202
- 'sysctl_rhel_config' is undefined #167
- RHEL 7.4: Too many setuid bits removed #140
- Fix typo #212 (ruslo)
- Update modprobe to 0644 #211 (joshuatalb)
- Test Kitchen Vagrant Fixes #210 (joshuatalb)
- [readme] Update documentation link #207 (pmav99)
- fix ansible lint remarks #204 (rndmh3ro)
- add colon to user env paths - fix #202 #203 (rndmh3ro)
- Fix errors produced by ansible-lint #159 (zbrojny120)
Ansible-os-hardening 5.1.0
5.1.0 (2018-10-17)
Implemented enhancements:
Fixed bugs:
- auditd causing v5.0 to fail on unpriviledged LXC's #191
- Setting os_security_users_allow has no effect #175
- add /usr/bin/su to suid_guid whitelist #199 (ccolic)
- ensure that permissions to su-binary are not restricted to root user and group only, if os_security_users_allow contains the value change_user #197 (szEvEz)