ansible-collection-hardening
ansible-collection-hardening copied to clipboard
dev-sec
This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
**Is your feature request related to a problem? Please describe.** I want to use nginx_hardening on FreeBSD (add jail to the complexity). Currently the path to nginx.conf is "hardcoded" **Describe...
**Describe the bug** If you use the os-hardening role on RHEL 8 os it disables authconfig pam settings and enables your config. If the server is AD-joined it is no...
**Describe the bug** "os_auth_pw_min_age" and "os_auth_pw_max_age" of the linux_hardening role affect only newly created user - not existing users. Since "logins.def" is used to enforce the settings, https://manpages.ubuntu.com/manpages/bionic/en/man5/login.defs.5.html shows a...
### Description The Ansible roles should be linted. example: `1423 yaml[comments]: Too few spaces before comment 1424 collections/ansible_collections/devsec/hardening/roles/ssh_hardening/defaults/main.yml:109 finffine` ### Solution Use https://github.com/ansible/ansible-lint and https://github.com/adrienverge/yamllint to lint all roles. ###...
We set the group for the `/var/log`-dir to `syslog`, but on ubuntu 22.04 (and possibly others) there is no syslog-group by default.
### Description Currently we use the most recent Ansible version to run our tests. But our collection supports also older Ansible releases. To make sure we stay compatible, we need...
I'm working on adding PostgreSQL hardening role to this collection.
### Description I updated my ansible collection to use the latest release 9.0.0 expecting a common issue I was having in my playbooks to have being solved, but after the...
### Description It would be nice to have support for Alpine Linux in the various parts of this collection. In particular I'm interested in the SSH hardening part. Better security...
### Description This bug featured in issue #514 now also affects Debian systems, see https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#linux-user-namespaces. ### Reproduction steps ```Shell ... ``` ### Current Behavior ... sysctl: cannot stat /proc/sys/kernel/unprivileged_userns_clone: No...
