Comments (6)
Yes and yes.
I am going to review the whole playbook anyway, so will gladly contribute.
from ansible-collection-hardening.
Yes there are actually more sysctl-settings missing. We forgot to add them back when we changed where the sysctl-vars are defined. It happened here: 8747be1, our testing was not good then.
If you want, you can fix this. It should just be a matter of adding all parameters according to linux-baseline in defaults/main.yml in the sysctl_config: block.
You'll have to test locally with vagrant though, because in docker setting sysctl-settings does not work.
from ansible-collection-hardening.
Do you want to maintain Ansible 1.9 compatibility?
Because with 2.x we could nicely combine dictionaries and allow defining only the delta settings instead of forcing the user to define the whole sysctl_config.
1.9 is already three releases behind.
from ansible-collection-hardening.
As for 1.9 support, see this thread: #110
In short: No.
For combining, I guess you mean the combine filter. Yes, that's a good idea.
Do you want to create a PR?
from ansible-collection-hardening.
Hey @techraf, I went ahead and created a PR to overwrite single sysctl-settings. Would you mind taking a look? #120
from ansible-collection-hardening.
Closed by #120
from ansible-collection-hardening.
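
The delta approach discussed in this thread, sketched with the `combine` filter. This is an added example, not the project's own code or the content of the PR; `sysctl_overwrite`, `sysctl_effective` and the sample values are assumptions, and the module is written with its current `ansible.posix` name.

```yaml
# Added example playbook. Only sysctl_config is a name taken from the thread;
# sysctl_overwrite, sysctl_effective and all values are constructed.
- hosts: all
  become: true
  vars:
    # Hardened defaults, as they would sit in defaults/main.yml.
    sysctl_config:
      net.ipv4.ip_forward: 0
      net.ipv4.conf.all.rp_filter: 1
      kernel.randomize_va_space: 2
    # User-supplied delta: only the keys that differ from the defaults.
    sysctl_overwrite:
      net.ipv4.ip_forward: 1
  tasks:
    - name: Merge the delta over the defaults (right-hand dictionary wins)
      ansible.builtin.set_fact:
        sysctl_effective: "{{ sysctl_config | combine(sysctl_overwrite) }}"

    - name: Apply the merged sysctl settings
      ansible.posix.sysctl:
        name: "{{ item.key }}"
        value: "{{ item.value }}"
        sysctl_set: true
        state: present
        reload: true
      with_dict: "{{ sysctl_effective }}"

    - name: Read back the running values
      ansible.builtin.command: "sysctl -n {{ item.key }}"
      register: sysctl_live
      changed_when: false
      with_dict: "{{ sysctl_effective }}"

    - name: Fail if a running value differs from the merged setting
      ansible.builtin.assert:
        that: item.stdout | trim == item.item.value | string
      with_items: "{{ sysctl_live.results }}"
```

Keys left out of the delta keep their hardened default, so an override cannot silently drop the rest of the baseline. As noted in the thread, run this against a VM rather than a Docker container.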