Ansible role to apply a security baseline. Systemd edition.
ufw_rate_limit
variable by @konstruktoid in https://github.com/konstruktoid/ansible-role-hardening/pull/608
Full Changelog: https://github.com/konstruktoid/ansible-role-hardening/compare/v2.0.4...v2.1.0-rc.2
ufw_rate_limit
variable by @konstruktoid in https://github.com/konstruktoid/ansible-role-hardening/pull/608
Full Changelog: https://github.com/konstruktoid/ansible-role-hardening/compare/v2.0.4...v2.1.0-rc.1
Full Changelog: https://github.com/konstruktoid/ansible-role-hardening/compare/v2.0.3...v2.0.4
aide_dir_exclusions
variable and use include directories if present by @konstruktoid in https://github.com/konstruktoid/ansible-role-hardening/pull/587
Full Changelog: https://github.com/konstruktoid/ansible-role-hardening/compare/v2.0.2...v2.0.3
sysctl_conf_dir
variable by @konstruktoid in https://github.com/konstruktoid/ansible-role-hardening/pull/572
auditd_enable_flag
variable by @konstruktoid in https://github.com/konstruktoid/ansible-role-hardening/pull/578
Full Changelog: https://github.com/konstruktoid/ansible-role-hardening/compare/v2.0.1...v2.0.2
Full Changelog: https://github.com/konstruktoid/ansible-role-hardening/compare/v2.0.0...v2.0.1
This is a breaking release, read the documentation and update any variables effected
Changes include, but are not limited to:
manage_aide
, manage_auditd
, manage_timesyncd
, manage_faillock
, manage_ssh
, manage_ufw
, manage_usbguard
, manage_resolved
, manage_rkhunter
, manage_compilers
are variables that can be set to false
if configuration of named services is done outside of this roleautomatic_updates: true
will install and configure dnf-automatic or unattended-upgrades, depending on the distributionsshd_update_moduli
variable, if set to true
, will download a updated moduli file from the konstruktoid/ssh-moduli repository.faillock
and password hash improvements by @cleberb in https://github.com/konstruktoid/ansible-role-hardening/pull/421
ufw_enable
to manage_ufw
and handle disconnects better by @konstruktoid in https://github.com/konstruktoid/ansible-role-hardening/pull/530
manage_resolved
by @konstruktoid in https://github.com/konstruktoid/ansible-role-hardening/pull/548
manage_rkhunter
and extend configuration by @konstruktoid in https://github.com/konstruktoid/ansible-role-hardening/pull/556
manage_compilers
variable and verification by @konstruktoid in https://github.com/konstruktoid/ansible-role-hardening/pull/559
AuthorizedPrincipalsFile
and TrustedUserCAKeys
to sshd
config by @konstruktoid in https://github.com/konstruktoid/ansible-role-hardening/pull/560
Full Changelog: https://github.com/konstruktoid/ansible-role-hardening/compare/v1.15.0...v2.0.0
manage_compilers
variable and verification by @konstruktoid in https://github.com/konstruktoid/ansible-role-hardening/pull/559
AuthorizedPrincipalsFile
and TrustedUserCAKeys
to sshd
config by @konstruktoid in https://github.com/konstruktoid/ansible-role-hardening/pull/560
Full Changelog: https://github.com/konstruktoid/ansible-role-hardening/compare/v2.0.0-rc.3...v2.0.0-rc.4
Full Changelog: https://github.com/konstruktoid/ansible-role-hardening/compare/v2.0.0-rc.2...v2.0.0-rc.3
Full Changelog: https://github.com/konstruktoid/ansible-role-hardening/compare/v2.0.0-rc.1...v2.0.0-rc.2