ansible-collection-hardening

This Ansible collection provides battle-tested hardening for Linux, SSH, nginx, MySQL

Results 73 ansible-collection-hardening issues

Hi guys, I'm an ansible n00b and the os hardening isn't working for me. I wrote a simple playbook like in the default ``` - hosts: localhost become: true ignore_errors:...

**Describe the bug** Since Debian 9's nginx does not support TLSv1.3, we split the configuration here: https://github.com/dev-sec/ansible-collection-hardening/pull/526 When Debian 9 is deprecated, we should revert this.

**Is your feature request related to a problem? Please describe.** We need to support Debian 11. **Describe the solution you'd like** We need a new container: https://github.com/rndmh3ro/docker-ansible/ **Describe alternatives you've...

help wanted

In the readme.md of the archived old ssh hardening role (https://github.com/dev-sec/ansible-ssh-hardening) you're explaining that this role disables by default the sftp ssh-module which is used by ansible for various commands...

**Is your feature request related to a problem? Please describe.** We need to create a task to change the mount-options as described here: https://github.com/dev-sec/linux-baseline/pull/164 **Describe the solution you'd like** A new...

help wanted

In the `os-hardening` role PAM seems to be configured using the `/usr/share/pam-configs` [here](https://github.com/dev-sec/ansible-collection-hardening/blob/29945527b8de6dab50e5aacb0c92485120b79d60/roles/os_hardening/tasks/pam_debian.yml#L13), which are not configuration files, but directly package files. According to the [PAM Config Framework Specification](https://wiki.ubuntu.com/PAMConfigFrameworkSpec) those...

**Describe the bug** After applying devsec.hardening.os_hardening role with the default settings the /usr/libexec/pcp/bin/pmlogger_daily command (and pmlogger_daily.service) fails. pmlogger_daily is responsible for doing log rotation for pmlogger, and when it fails...

see Telekom 2021.07-01 SoC 3.65 Req32-37 Public [Telekom Security - Requirements](https://www.telekom.com/resource/blob/327540/0af4a73d01334926f71d5530a2c2477e/dl-security-requirements-data.zip)

os_hardening

CIS has this benchmark which I think makes sense: > Description: The su command allows a user to run a command or shell as another user. The program has been...

**Is your feature request related to a problem? Please describe.** We need to write some tests for the MySQL user-deletion tasks since we already got two bugs. **Describe the solution...