ansible-collection-hardening
This Ansible collection provides battle-tested hardening for Linux, SSH, nginx, MySQL
As discussed in https://github.com/dev-sec/ansible-collection-hardening/pull/771, this MR ensures that SSH is installed
### Description Currently only Ubuntu releases up to 22.04 are supported. Ubuntu 24.04 was released a month ago, and it would be great to have it fully supported. ### Solution Implement...
### Description Running the role `ssh_hardening` on Debian 12.0 Bookworm seems to fail at the ` Create sshd_config and set permissions to root/600` step. ### Reproduction steps ```Shell Run the...
### Description Running os_hardening against Ubuntu 24.04 (on Pi5). ### Reproduction steps ```Shell ... Run a playbook much like this: - name: "Roles which apply to all hosts." hosts: -...
Problem with os_always_ignore_users --> template error while templating string: no test named 'in'
### Description I have installed latest ansible. I am running Python 2.7. Ansible is installed using pip. This is my playbook: ``` - hosts: newhardenings become: true gather_facts: true collections:...
### Description Seems like you cannot remount /proc (anymore? never could? unsure) for LXC containers, at least in some cases. It is persistently failing with the following error here (Ubuntu...
This will allow enabling password-based login for sftp, while it is still disabled for ssh connections. To prevent a breaking change, this new option `sftp_password_login` inherits from `ssh_server_password_login`
### Description It appears that 1777 is interpreted as decimal, and gets converted to 03361 octal. The workaround is to override these default vars to '01777'. ### Reproduction steps ```Shell...
### Description Allow configuring the name_format variable in auditd config as this is currently hardcoded to none ### Solution Adding a new variable in ansible to control this configuration setting...
### Description Disabled `ssh.socket` from https://github.com/dev-sec/ansible-collection-hardening/pull/769 caused upgrade of Ubuntu from 22.04 to 24.04 to fail. ### Reproduction steps ```Shell 1) I have server with 22.04 with ssh hardening applied...