Puppet Os Hardening Versions Save

This puppet module provides numerous security-related configurations, providing all-round base protection.

2.4.0

6 months ago
  • Compability for Puppet version 8

2.3.3

1 year ago

Changes in v2.3.3

  • fix CI: use docker driver for transfering files (#290)
  • Disable new check 'os-14' for automated testing (#291)
  • Restore ability to override /etc/shadow file permissions and group owner (#293)
  • move to CentOS 8 Stream from quay.io (#295)
  • fix(pam_passwdqc): remove accidental paste from pam_passwdqc.erb (#299)

2.3.2

2 years ago

Changelog generator still broken, sorry

Really new in v2.3.2

  • Backwards incompatible breaking change in PR279 #284
  • Backwards incompatible breaking change in PR279 (#284) #285 (earthgecko)

2.3.1

2 years ago

Changelog generator problem - older changes included in current delta

Implemented enhancements:

  • Add support for Puppet 7 #267
  • allow defining parameters in hiera #248
  • Add integration tests for current platforms #172
  • Add Puppet 7 tests + new versions #282 (mcgege)
  • Remove Puppet v5 support + tests #281 (mcgege)
  • update to PDK template 2.1.1 #278 (mcgege)
  • Add documentation on hiera usage (see #248) #274 (mcgege)
  • Update to PDK 2.0 template #273 (mcgege)
  • Fix: Dead links result in an error #271 #272 (LooOOooM)
  • move to github actions #264 (schurzi)
  • fixed alignment of properties and indentation #263 (hp197)
  • Added manage_system_users option and formatted properties #262 (hp197)
  • use new syntax for stub in rspec #259 (schurzi)
  • Fix + switch for arp_ignore #256 (mcgege)
  • Move from inspec to cinc #238 (mcgege)

Fixed bugs:

  • Activate manage_cron_permissions to satisfy cron tests #269 (mcgege)
  • Solve bundle problem on automated tests #268 (mcgege)
  • add source for chef-utils gem (bundle confusion) #265 (mcgege)
  • Revert "secure_redirects should be set to 1 (default)" #260 (mcgege)
  • Switch to Inspec 4 to break bundler loop #257 (mcgege)

Closed issues:

  • New warning - max_files - exceeds the default soft limit 1000 #279
  • enable_log_martians to false are logged #277
  • Dead links result in an error #271
  • Duplicate declaration #270
  • Using relative file modes can result very wrong in some cases #222

Merged pull requests:

2.3.0

3 years ago

Implemented enhancements:

  • Use CINC (instead of InSpec 4) #212
  • move to github actions #264 (schurzi)
  • fixed alignment of properties and indentation #263 (hp197)
  • Added manage_system_users option and formatted properties #262 (hp197)
  • use new syntax for stub in rspec #259 (schurzi)
  • Move from inspec to cinc #238 (mcgege)

Fixed bugs:

  • Fix Travis tests #255
  • add source for chef-utils gem (bundle confusion) #265 (mcgege)

2.2.11

3 years ago

Fixed bugs:

  • Revert "secure_redirects should be set to 1 (default)" #260 (mcgege)

Closed issues:

  • Default $arp_restricted=true breaks Calico overlay network #254

2.2.10

3 years ago

Implemented enhancements:

  • Fix + switch for arp_ignore #256 (mcgege)

Fixed bugs:

  • Switch to Inspec 4 to break bundler loop #257 (mcgege)

Closed issues:

  • os_hardening failing on centos7 #241

Merged pull requests:

  • Disable sysctl configuration #253 (Tahitibob35)

2.2.9

3 years ago

Implemented enhancements:

  • More secure kernel settings #250 (mcgege)
  • Set SHA_CRYPT_*_ROUNDS (Telekom security req linux-10) #249 (mcgege)
  • Update to PDK 1.18.1 #242 (mcgege)

Merged pull requests:

  • Adapt Travis to puppetlabs standard #247 (mcgege)
  • Small fixes #243 (mcgege)

2.2.8

4 years ago

Implemented enhancements:

  • Updates from pdk template 1.17.0 #236 (mcgege)

Fixed bugs:

  • Minimize_access to File [/usr/bin] issue #234
  • Fix for integration tests (apt-transport-https missing) #237 (mcgege)

Closed issues:

  • Conflicts with apache module #231

Merged pull requests:

  • patch-cumuluslinux-support #239 (mdklapwijk)
  • Update to PDK 1.15 #233 (mcgege)
  • Small fix on kitchen.yml #232 (mcgege)

2.2.7

4 years ago

Implemented enhancements:

  • If disabled service should also be stopped #226 (mcgege)
  • Manage files /etc/anacrontab and crontab equally #225 (mcgege)

Fixed bugs:

  • Travis-CI fix (kitchen / faraday broken?) #228 (mcgege)

Closed issues:

  • disabled_services should be stopped too #224
  • os_hardening::minimize_access should treat anacrontab the same as crontab #223

Merged pull requests:

  • CentOS 8 support #229 (mcgege)
  • Updates from pdk template 1.13.0 #227 (mcgege)
  • Updates from pdk template 1.12.0 #221 (mcgege)