Changelog
8.5.0 (2023-01-31)
Implemented enhancements:
- Add support for /etc/auditd.conf num_logs to go with max_log_file_action #616
- password ageing not enforced #570
- Rewrite system account detection and hardening and create tests #621 [os_hardening] [ssh_hardening] (rndmh3ro)
- Add support for /etc/auditd.conf num_logs to go with max_log_file_action #617 [os_hardening] (richardlock)
- Preserve default ownership and dir mode for /var/log on Ubuntu #615 [os_hardening] (stdtom)
- rewrite user home dir hardening #584 [os_hardening] (DonEstefan)
- apply password age settings to exisiting regular users #582 [os_hardening] (DonEstefan)
- Parametrize more auditd.conf options #535 [os_hardening] (kravietz)
Fixed bugs:
- os_hardening is setting wrong ownership for /var/log on Ubuntu #614
- [os_hardening] Task for setting
initramfsmodules does not match its condition #590 [os_hardening] - Support for Amazon Linux 2 #624 [ssh_hardening] (mmitnyan)
Deprecated:
- deprecate rebuilding of initramfs #618 [os_hardening] (rndmh3ro)
Closed issues:
- Ubuntu 22.04 vars file missing? #619
- SSH KexAlgorithms causes SSH daemon to fail #500
- Playbook won't run for hardening #462
Merged pull requests:
- do not let dependabot label our prs #626 (rndmh3ro)
- run linting only when files inside roles change #625 (rndmh3ro)
- cancel running tests if new commit to branch is made #622 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
- Fixed problems with running molecule locally with cgroup v2 #620 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
- Bump actions/setup-python from 1 to 4 #611 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (dependabot[bot])
- Bump creyD/prettier_action from 3.1 to 4.2 #610 (dependabot[bot])
- linting #603 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)