ansible-collection-hardening
ansible-collection-hardening copied to clipboard
dev-sec
This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
### Description Currently we use a simple set of criterias to remove unsecured users. This set excludes some of the usefull new features of newer MySQL versions. Also the current...
Hello, I have fixed the bug related to issue number #537. Fixed #537 Kind regards Mahdi Abbasi
### Description After executing os_hardening role on Debian servers [email protected] fails after server reboot. In my case my user has UID 1000, so `[email protected]` fails. ``` -- Boot af0d58da83704a77894a9f5655c15372 --...
This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more. ## Open These updates have all been created already. Click a checkbox below to...
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "renovate[bot] avatar"){kind=avatar}
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [ansible-core](https://ansible.com/) ([source](https://togithub.com/ansible/ansible)) | `==2.16.5` -> `==2.17.1` |...
### Description The `ssh_gateway_ports` is documented to accept `yes`, `no` and `'clientspecified'`, yet the latter is a string and rejected by `type: bool`. https://github.com/dev-sec/ansible-collection-hardening/blob/db2bfc91da7654283d34e1154ae564a61e0ac0ef/roles/ssh_hardening/meta/argument_specs.yml#L89C7-L94C67 Seems ansible starting with 4.x validates...
### Description FreeIPA uses authselect to enforce various system policies, such as creating a home directory or enabling sudo support for users. dev-sec.os_hardening unconditionally overrides various system links such as:...
### Description Task: "Configure hardened options for mount {{ mount.path }}" in Task File **minimize_access_fs.yml** overrides all UUID, PARTUUID or LABEL entries in /etc/fstab with the device path. Impact: this...
Depends on: - https://github.com/dev-sec/docker-ansible/pull/49 - https://dl.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/ deployment to https://app.vagrantup.com/fedora (for some reason still shows only shows beta deployed) - probably needs some tweaks
