7.13.2

Changelog

7.13.1

Changelog

7.13.1 (2021-11-23)

Full Changelog

Closed issues:

• Unable to use 7.13.0 Release #503

7.13.0

Changelog

7.13.0 (2021-11-15)

Full Changelog

Implemented enhancements:

• os_hardening: Provide a whitelist for yum repositories with non-signed RPMs #485
• Disable ctrl-alt-del key combination #496 [os_hardening] (lbayerlein)
• implement sysctl-34 - link protection settings #494 [os_hardening] (rndmh3ro)
• Add TLSv1.3 to nginx default configuration #470 [nginx_hardening] (ksaadDE)

Closed issues:

• Please create the collection in ansible-galaxy #407

Merged pull requests:

• Improve testing: install packages on Arch Linux #499 [os_hardening] [ssh_hardening] (darxriggs)
• add old role names to tags in Galaxy #495 (schurzi)
• update minimum ansible version for roles #493 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• revive old tests with custom ssh settings #491 (rndmh3ro)
• Add whitelist option for yum repository files #487 [os_hardening] (darxriggs)

7.12.0

Changelog

7.12.0 (2021-10-21)

Full Changelog

Implemented enhancements:

• feat(os_hardening): extend file permission tasks to cover more files #489 [os_hardening] (cmhe)

Fixed bugs:

• mysql remove deprecated 'secure_auth' parameter in mysql #346
• change baseline urls to full zip-url #490 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• fix filter error in ansible.builtin.file mode parameter #486 [ssh_hardening] (ssttehrani)

Closed issues:

• Extend os_hardening minimize_access task to cover additional passwd/group/shadow/gshadow paths #488
• postgresql_hardening role #484
• os_hardening fails on "Create a combined sysctl-dict if overwrites are defined" task #482
• Improve changelog generation #381

7.11.0

Changelog

7.11.0 (2021-08-30)

Full Changelog

Implemented enhancements:

• Use log_error file and datadir from mysql_info settings instead of variables mysql_datadir and mysql_hardening_log_file #478 [mysql_hardening] (123quhiwiwk)
• Execute check of MySQL error logfile permissions on Debian 11 only when log_error is defined #477 [mysql_hardening] (123quhiwiwk)
• [mysql_hardening] Setup defaults for MySQL on FreeBSD #474 [mysql_hardening] (sdwilsh)

Closed issues:

• MariaDB hardening fails, because log_error file is missing [Debian 11] #476

Merged pull requests:

• ssh_allow_tcp_forwarding is not a boolean #480 [ssh_hardening] (ReinerNippes)
• chore(ssh_hardening): set min_ansible_version to >=2.9.10 #479 [ssh_hardening] (bufferoverflow)

7.10.0

Changelog

7.10.0 (2021-08-15)

Full Changelog

Fixed bugs:

• mysql_hardening cannot work with mysql on freebsd #472

Closed issues:

• run ansible-lint only once in Github Actions #398

Merged pull requests:

• use Ansible lint in separate task #475 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• [mysql_hardening] Allow setting the mysql_distribution #473 [mysql_hardening] (sdwilsh)
• SSH Hardening: backtick typo #471 [ssh_hardening] (Slamdunk)
• fix license in galaxy #469 (rndmh3ro)

7.9.0

Changelog

7.9.0 (2021-07-22)

Full Changelog

Implemented enhancements:

• Allow configuration of password remember in pam #467 [os_hardening] (m41kc0d3)
• Add CVE-2021-33909 mitigations #466 [os_hardening] (kravietz)
• Add SUB_UID_MIN/MAX/COUNT, SUB_GID_MIN/MAX/COUNT #463 [os_hardening] (elgalu)
• Add os_auth_uid_max, os_auth_gid_max #461 [os_hardening] (elgalu)

Closed issues:

• MySQL hardening fails because of missing attribute #464
• devsec.hardenting.os_hardening breaks pmlogger_daily on Oracle Linux 8 (maybe RHEL 8 too) #460
• add "when" statements for every import_tasks in hardening.yml #453

Merged pull requests:

• update metadata to include community.mysql deps #465 (rndmh3ro)

7.8.0

Changelog

7.8.0 (2021-07-01)

Full Changelog

Implemented enhancements:

• SHA_CRYPT_MIN_ROUNDS should be increased in login.defs #365 [os_hardening]
• Add support for Rocky Linux 8 #454 [mysql_hardening] [os_hardening] [ssh_hardening] (sherwind)
• make sha rounds configurable and increase no of rounds #452 [os_hardening] (rndmh3ro)

Fixed bugs:

• add tag always to os dependent vars task #456 [mysql_hardening] [os_hardening] [ssh_hardening] (schurzi)
• Use include_tasks for os_hardening/main.yml #451 [os_hardening] (coadler)

Closed issues:

• add "when" statements for every import_tasks in hardening.yml #453
• Disable IPv6 | sysctl-18 net.ipv6.conf.all.disable_ipv6: 1 #406 [os_hardening]

Merged pull requests:

• Cleanup old OS-support and simplify vars #458 [os_hardening] [ssh_hardening] (rndmh3ro)
• add rocky linux 8 tests and make sure that all relevant tasks are execd #457 [mysql_hardening] [nginx_hardening] [os_hardening] [ssh_hardening] (rndmh3ro)
• add "when" statements in hardening.yml(#453) #455 [os_hardening] (jqiuyin)
• enable ipv6 globally #450 [os_hardening] [ssh_hardening] (rndmh3ro)

7.7.0

Changelog

7.7.0 (2021-05-24)

Full Changelog

Implemented enhancements:

• Add tasks for new controls #123
• ssh_allow_tcp_forwarding remote option added #447 [ssh_hardening] (alimli)

Fixed bugs:

• Warning: iptables-legacy tables present, Debian 10 #274
• Check for MariaDB Version when selecting users without passwords #444 [mysql_hardening] (neubi4)
• Adds dependency on ansible.posix and community.general #415 (irl)

Closed issues:

• No dependency on ansible.posix collection #414
• No dependency on community.general #413
• in lxc/docker/openvz IPv6 is always disabled by ufw-configuration #402
• Allow login_unix_socket to be specified #327

Merged pull requests:

• Removed sysctl that tries to disable IPv6 #449 [os_hardening] (lduesing)
• limit changelog labels to role names #448 (schurzi)
• add back labels to changelog #446 (rndmh3ro)

7.6.0

Changelog

7.6.0 (2021-04-27)

Full Changelog

Implemented enhancements:

• ssh: Client HostKeyAlgorithms configuration variable #442 (sepek)

Fixed bugs:

• mysql USER and HOST should be quoted for drop query #443 (neubi4)

Closed issues:

• Support HostKeyAlgorithms configuration for ssh_client file #441

Merged pull requests:

• fixed a typo in comments #439 (ssttehrani)