Changelog
10.0.0 (2024-08-06)
Implemented enhancements:
- option to disable regeneration of ssh private key #772
- Ubuntu 24.04 support #764
- Support systemd socket activation for sshd #763 [ssh_hardening]
- Release 9.0.2 #758
- Make Publickey authentication configurable #750
- Ansible Linting #747
- Make value of kernel.unprivileged_userns_clone depending on kernel version #727
- Ensure that ssh is installed (cf #771) #774 [ssh_hardening] (Byh0ki)
- ssh: explicitly enable or disable the service at boot #771 [ssh_hardening] (Byh0ki)
- disable systemd socket activation #769 [ssh_hardening] (rndmh3ro)
- Add ssh_pubkey_authentication variable to ssh hardening #749 [ssh_hardening] (debbabi)
Fixed bugs:
- ssh hardening role fails when
ssh_permit_root_loginvar is set on ubuntu 24.04 #768 - os_hardening fails when setting vm.mmap_rnd_bits #757
ssh_gateway_portsis documented to accept 'clientspecified' string, but only accepts bools #755- Error: Missing privilege separation directory: /run/sshd #752
- harden permissions for directory mount /var/log fails for minimized Ubuntu 22.04 #741
- Update Debian compatibility #784 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (schurzi)
- do not force type of ssh_gateway_ports #765 [mysql_hardening] [os_hardening] [ssh_hardening] (rndmh3ro)
Merged pull requests:
- Update to current Fedora releases #783 [os_hardening] [ssh_hardening] (schurzi)
- Remove deprecated rebuild of initrd #782 [os_hardening] (schurzi)
- chore(deps): update patrickjahns/version-drafter-action digest to 2076fa4 #781 (renovate[bot])
- chore(deps): update ansible/ansible-lint digest to 95382d3 #779 (renovate[bot])
- chore(deps): update actions/setup-python digest to 39cd149 #778 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (renovate[bot])
- remove tests for FreeBSD12 since it's out of support #777 [ssh_hardening] (schurzi)
- chore(deps): pin dependencies #776 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (renovate[bot])
- Use best-practice preset for renovate #775 (schurzi)
- Deprecate Centos Stream 8 #770 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
- centos7 is eol, remove it #767 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
- fix spelling #766 [os_hardening] [ssh_hardening] (rndmh3ro)
- ci: define permissions for enforce-labels workflow #760 (fgreinacher)
- Update dependency ansible-core to v2.16.5 #754 (renovate[bot])
- Update dependency ansible-core to v2.16.4 #751 (renovate[bot])
- Update ansible/ansible-lint action to v24 #745 (renovate[bot])
- Always update Vagrant Boxes before using #744 (schurzi)
- Remove Docker containers on self-hosted runner after tests #743 (schurzi)
- Update dependency ansible-core to v2.16.3 #742 (renovate[bot])