ansible-collection-hardening
ansible-collection-hardening copied to clipboard
dev-sec
This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
**Describe the bug** I get a failure when trying to set gpg-check to yum.conf **Expected behavior** Task exits cleanly **Actual behavior** ``` amazon-ebs.greenlight: TASK [dev-sec.os-hardening : activate gpg-check for config...
**Describe the bug** Fresh install of Ubuntu 20.04, simple playbook to apply ssh_hardening fails to regenerate the host key. **Actual behavior** ```paste below TASK [devsec.hardening.ssh_hardening : Parse openssh-version] ******************************************************************************************************************************************************************************* ok:...
it should be possible to still place a .netrc file in a users home dir if needed.
Signed-off-by: Martin Schurz
**Describe the bug** Hi, and thanks for your amazing collection ! I've been trying to use [ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/tree/master/roles/ssh_hardening) role. It work great, however, after running it once, I get an error...
- removed a lot duplicated code by using a loop - added new hardening options for /tmp - added new options "passno" and "dump" for every filesystem. currently ansible changed...
Ubuntu 22.04 LTS should be officially supported. Currently only Ubuntu up to 20.04 LTS is in the list of supported OS.
the task for `ctrl-alt-del.target` seems to not be idempotent. We should fix that. _Originally posted by @schurzi in https://github.com/dev-sec/ansible-collection-hardening/issues/547#issuecomment-1180456772_
**Describe the bug** If I understand correctly, the template file `etc/sysconfig/rhel_sysconfig_init.j2` won't work on RHEL7 and newer, since it uses "systemd" instead of "init". I assume the "Daemon umask" (NSA...
**Is your feature request related to a problem? Please describe.** Currently we have two variables that control the motd: ``` ssh_print_motd Default: false Description: false to disable printing of the...