automation: Update devsec.hardening to version 8 - autoclosed
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| devsec.hardening (source) | galaxy-collection | major |
7.14.1 -> 8.2.0
|
Release Notes
dev-sec/ansible-collection-hardening
v8.2.0
Implemented enhancements:
- Add nginx variables for config-path and owner/group #578 [nginx_hardening] (hagenbauer)
- add centos >8 Support #573 [ssh_hardening] (sbaerlocher)
- add always-tag to include so other tags can be used #569 [os_hardening] (rndmh3ro)
Closed issues:
- Bug using os_hardening "tags" #567
v8.1.0
Closed issues:
- dev-sec CI bot should not update CHANGELOG.md in fork repository #566
Merged pull requests:
- update supported OS in meta and fix linting #572 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
- fix misleading comment #571 [os_hardening] (donestefan)
- only run release actions on upstream-repo #568 (rndmh3ro)
v8.0.0
Breaking changes:
- change default to allow SFTP #564 [ssh_hardening] (schurzi)
Implemented enhancements:
- add possibility to keep .netrc files in users homedir #563 [os_hardening] (PhilippFunk)
- rework filesystem hardening #555 [os_hardening] (divialth)
Closed issues:
- Error in Task 'Create sshd_config and set permissions to root/600' #565 [ssh_hardening]
- [ssh_hardening] Debian 11 - Ansible cannot transfer files #557
- Add the old SFTP-Reminder to the stable ssh_hardening role for ansible #521
v7.16.0
Implemented enhancements:
- revert debian 9 change, only one tls variable now #562 [nginx_hardening] (rndmh3ro)
- add posibility to run ssh_hardening as unprivileged user #561 [ssh_hardening] (schurzi)
- add basic support for ubuntu22.04 #554 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (schurzi)
- Add full support for Debian 11 #538 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (addianto)
Fixed bugs:
- Replace default 2048 bits RSA keypair fails on Ubuntu 20.04 #459
Closed issues:
- os-hardening: yum gpg-check fails if gpg-check already set #556
- Ubuntu 22.04 LTS #553
- Revert nginx ssl-protocol after deprecation of debian9 #528
- Support for Debian 11 #527
- Support baseline-control os-14 #507
v7.15.1
Fixed bugs:
- Fix broken mode for /var/log/audit #552 [os_hardening] (hollow)
Merged pull requests:
- Only run hardening if /var/log/audit exists #550 [os_hardening] (mego22)
v7.15.0
Implemented enhancements:
- Harden mountpoints #531 [os_hardening] (lbayerlein)
Fixed bugs:
- os_hardening gpg-check enabled fails on success #549 [os_hardening]
- add VM tests for os_hardening #547 [os_hardening] (schurzi)
- Linting #546 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
v7.14.3
Closed issues:
- Version 7.14.2 not released to Ansible Galaxy #544
- os_hardening role: os_ignore_users not described in the Readme's variable topic #542
- doc: incorrect description for ssh_client_alive_count #540
- 'legacy' branch is mentioned in README, but apparently doesn't exist #539
- ansible_role_name is undefined #532
- Can't sudo anymore after hardening #518
- Any planned official support for RHEL/CentOS Stream 9? #517
Merged pull requests:
- Improve documentation #541 [ssh_hardening] (schurzi)
v7.14.2
Fixed bugs:
- debian 9's nginx doesn't support tls1.3 #526 [nginx_hardening] (rndmh3ro)
- Change permissions of the tmout.sh file #520 [os_hardening] (abejotaR)
Closed issues:
- No such file directory error triggered by the kernel.unpriviliged_userns_clone configuration. #514
Merged pull requests:
- delete obsolete release drafts #530 (schurzi)
- add waivers to skip controls #529 [os_hardening] (rndmh3ro)
- remove centos8 tests #525 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
Configuration
-
If you want to rebase/retry this MR, click this checkbox.
This MR has been generated by Renovate Bot. The local configuration can be found in the SI Renovate Bot repository.