Changelog

10.0.0 (2024-08-06)

Full Changelog

Implemented enhancements:

• option to disable regeneration of ssh private key #772
• Ubuntu 24.04 support #764
• Support systemd socket activation for sshd #763 [ssh_hardening]
• Release 9.0.2 #758
• Make Publickey authentication configurable #750
• Ansible Linting #747
• Make value of kernel.unprivileged_userns_clone depending on kernel version #727
• Ensure that ssh is installed (cf #771) #774 [ssh_hardening] (Byh0ki)
• ssh: explicitly enable or disable the service at boot #771 [ssh_hardening] (Byh0ki)
• disable systemd socket activation #769 [ssh_hardening] (rndmh3ro)
• Add ssh_pubkey_authentication variable to ssh hardening #749 [ssh_hardening] (debbabi)

Fixed bugs:

• ssh hardening role fails when ssh_permit_root_login var is set on ubuntu 24.04 #768
• os_hardening fails when setting vm.mmap_rnd_bits #757
• ssh_gateway_ports is documented to accept 'clientspecified' string, but only accepts bools #755
• Error: Missing privilege separation directory: /run/sshd #752
• harden permissions for directory mount /var/log fails for minimized Ubuntu 22.04 #741
• Update Debian compatibility #784 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (schurzi)
• do not force type of ssh_gateway_ports #765 [mysql_hardening] [os_hardening] [ssh_hardening] (rndmh3ro)

Merged pull requests:

• Update to current Fedora releases #783 [os_hardening] [ssh_hardening] (schurzi)
• Remove deprecated rebuild of initrd #782 [os_hardening] (schurzi)
• chore(deps): update patrickjahns/version-drafter-action digest to 2076fa4 #781 (renovate[bot])
• chore(deps): update ansible/ansible-lint digest to 95382d3 #779 (renovate[bot])
• chore(deps): update actions/setup-python digest to 39cd149 #778 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (renovate[bot])
• remove tests for FreeBSD12 since it's out of support #777 [ssh_hardening] (schurzi)
• chore(deps): pin dependencies #776 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (renovate[bot])
• Use best-practice preset for renovate #775 (schurzi)
• Deprecate Centos Stream 8 #770 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• centos7 is eol, remove it #767 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• fix spelling #766 [os_hardening] [ssh_hardening] (rndmh3ro)
• ci: define permissions for enforce-labels workflow #760 (fgreinacher)
• Update dependency ansible-core to v2.16.5 #754 (renovate[bot])
• Update dependency ansible-core to v2.16.4 #751 (renovate[bot])
• Update ansible/ansible-lint action to v24 #745 (renovate[bot])
• Always update Vagrant Boxes before using #744 (schurzi)
• Remove Docker containers on self-hosted runner after tests #743 (schurzi)
• Update dependency ansible-core to v2.16.3 #742 (renovate[bot])