ansible-collection-hardening
This Ansible collection provides battle-tested hardening for Linux, SSH, nginx, MySQL
**Describe the bug** The parameter os_auth_pw_remember has no effect on Ubuntu/Debian as far as I can tell, but this is not documented anywhere. **Expected behavior** os_auth_pw_remember should control how many...
**Describe the bug** I use the Dynamic MOTD defined by Ubuntu as default. Once the MOTD was disabled (by running the playbook with the default parameters) I could not reenable...
**Describe the bug** 1. TCP Timestamps is disabled by the os_hardening role. I don't think it should. 2. The comment in `defaults/main.yml` is wrong. ``` # Protect against wrapping sequence...
Hello! This PR attempts to resolve #527 (adding support for Debian 11). Currently WIP. I noticed there are some issues with `ansible-lint` GitHub Actions and `mysql_hardening` test failed due to...
**Describe the bug** Because of the renaming of a **KEX** algorithm, an upgrade from Fedora 33 to 34 or 35 will cause the SSH daemon to crash on start with...
**Role** `os_hardening` **Description** The current PAM configuration for RHEL systems only supports SSSD for external user authentication. On systems where Winbind is used, the role will prevent users from logging in....
**Describe the bug** In the OS Hardening role SELinux will not be enabled if SELinux is already disabled **Expected behavior** Expect SELinux to be enabled and configured. **Actual behavior** ```paste...
Hello! My playbook is stating fs.protected_regular setting is changed, but it doesn't actually reflect in the system: ok: [localhost] => (item={u'key': u'net.ipv4.conf.all.arp_announce', u'value': 2}) ok: [localhost] => (item={u'key': u'net.ipv4.conf.all.rp_filter', u'value':...
**Describe the bug** The following parameters in auditd.conf were deprecated in audit-3.0: disp_qos = lossless dispatcher = /sbin/audispd This does NOT cause a failure, just a warning when running ausearch/aureport...