2.4.0 (2019-02-25)
Closed issues:
- need to account for sshd version when checking UseRoaming in
ssh\_config#121 - profile fails inspec check #101
- Deprecated option #95
Merged pull requests:
- 2.4.0 #124 (chris-rock)
- Allow prohibit-password as PermitRootLogin value #123 (jeremy-clerc)
- UseRoaming is deprecated, only check on older versions #122 (rndmh3ro)
- Fix os detection #120 (IceBear2k)
- Update issue templates #118 (rndmh3ro)
- Fixup of UsePrivilegeSeparation deprecation for Amazon #117 (artem-sidorenko)
- Deprecated UsePrivilegeSeparation for Fedora/Amazon #116 (artem-sidorenko)
- UseLogin is deprecated #114 (artem-sidorenko)
- Add separate PrivilegeSeparation check for Ubuntu 1804 #113 (rndmh3ro)
- allow some customization of expected values depending on attributes #112 (juju4)
- Avoid checking deprecated optinos for OpenSSH >=7.6 #110 (artem-sidorenko)
- Avoid failing on EL 6 family and OpenSuse Leap 42 #109 (artem-sidorenko)
- add debian 9 support #106 (rndmh3ro)
- adding ubuntu bionic support #104 (attachmentgenie)
- Initial support for Alpine Linux #102 (radhus)
2.3.2 (2018-04-20)
Merged pull requests:
2.3.1 (2018-02-13)
Closed issues:
- No git tag for 2.3.0 #96
Merged pull requests:
- Modified the client_alive_interval default to suggested value #98 (iennae)
- Support Amazon Linux #97 (woneill)
2.3.0 (2017-12-01)
Closed issues:
- OpenSSH 7.6 deprecated MACs #93
Merged pull requests:
- remove ripemd160 MAC from the macs66 list #94 (atomic111)
- use recommended spdx license identifier #90 (chris-rock)
- CI: update to ruby 2.4.1 and rubocop 0.49 #89 (artem-sidorenko)
- Support of OpenSuse Leap 42.2 #88 (artem-sidorenko)
2.2.0 (2017-05-08)
Merged pull requests:
- update copyright name #87 (chris-rock)
- update metadata #86 (chris-rock)
- restrict ruby testing to version 2.3.3 and update gemfile #85 (atomic111)
- Proper tests for Opensuse leap 42.1 #84 (artem-sidorenko)
- Fix check for os.darwin #83 (techraf)
- Add openssh definitions for macos #82 (artem-sidorenko)
- Add support for oracle #80 (artem-sidorenko)
- Algorithm/Hostkey tests for different platforms #79 (artem-sidorenko)
- Test the strong DH primes #77 (artem-sidorenko)
- Removal of DSA key #76 (artem-sidorenko)
- Ignore inspec.lock file #73 (techraf)
- Remove the PAM deactivation enforcement #72 (artem-sidorenko)
2.1.1 (2016-12-22)
Closed issues:
- Compare ciphers as array? #70
- Error performing inspec exec https://github.com/dev-sec/tests-ssh-hardening #66
Merged pull requests:
- update profile metadata & tooling #71 (chris-rock)
- update Gemfile and remove ruby 1.9.3 support #69 (arlimus)
- Test server config for Banner and DebianBanner #67 (tsenart)
- pin rack version #65 (chris-rock)
- rename sshd-30 #64 (attachmentgenie)
- Fixing inspec tests for ubuntu hosts #63 (attachmentgenie)
2.1.0 (2016-07-27)
Closed issues:
- ListenAddress #45
Merged pull requests:
- Use new ciphers, kex, macs and priv separation sandbox for redhat family 7 #62 (atomic111)
- Fixing typo in sshd_spec.rb #61 (brimstone)
- Fix: Issue ListenAddress #45 (#45) and added check for SSH Client Bug CVE-2016-0777 and CVE-2016-0778 #60 (atomic111)
- changed from hardening-io to dev-sec in README.md and added ubuntu and centos version to ssh_crypto.rb #59 (atomic111)
2.0.0 (2016-04-28)
Fixed bugs:
- bugfix: use new inspec load mechanism #58 (chris-rock)
Merged pull requests:
- migrate to InSpec profile #56 (chris-rock)
1.2.0 (2016-04-25)
Closed issues:
- No easy way to install Ansible on all OS's #47
Merged pull requests:
- 1.2.0 #57 (chris-rock)
- Symlinks real suite names to "default" #55 (conorsch)
- complet inspec tests #52 (atomic111)
- Improve Ansible tests #51 (rndmh3ro)
- Fix typos #50 (rndmh3ro)
- update urls #49 (chris-rock)
- feature: debian 8 support #48 (arlimus)
- Add Ansible support #46 (rndmh3ro)
- feature: UsePrivilegeSeparation = sandbox for ssh >= 5.9 #44 (arlimus)
1.1.1 (2015-01-14)
Merged pull requests:
- remove sha1-based key-exchange mechanisms #43 (arlimus)
- add json format option #42 (atomic111)
- reprioritize etm macs #41 (arlimus)
1.1.0 (2015-01-12)
Closed issues:
- undefined method `backend' for main:Object #32
Merged pull requests:
- feature: add back gcm #40 (arlimus)
- Descriptive spec #39 (arlimus)
- Update common #38 (arlimus)
- remove options that only apply to SSH protocol version 1 #37 (arlimus)
- Update common #36 (arlimus)
- Update common #34 (arlimus)
- support serverspec-2.0 #31 (bkw)
- changed GIS to DTAG SEC #30 (atomic111)
- bugfix: lint error #29 (chris-rock)
1.0.0 (2014-08-13)
Closed issues:
- HostKeys and OSes #13
- Comment-tests causing false-positives #5
- Unify required crypto for ssh server and client #4
- Add testing of ssh client config #3
Merged pull requests:
- bugfix: unlock user accounts during chef runs #28 (arlimus)
- test for UsePAM disabled #27 (arlimus)
- bugfix sed command location #26 (arlimus)
- Fix puppet user unlock #25 (arlimus)
- bugfix: unlock user accounts on test systems #24 (arlimus)
- Fix matches #23 (arlimus)
- update and fix rubocop #22 (ehaselwanter)
- common validator for client and server config #21 (chris-rock)
- add robocop rake task #20 (chris-rock)
- add ruby gem source #19 (chris-rock)
- added Telekom Security Requirement numbers to the corresponding kitchen test #18 (atomic111)
- add tests for debian 6 and 7 #17 (arlimus)
- add format html option #16 (ehaselwanter)
- remove host keys from checks #15 (arlimus)
- make the integration tests even more useful with standalone invocation #14 (ehaselwanter)
- Tests update #12 (arlimus)
- relax permissions on /etc/ssh and files #11 (arlimus)
- Tests update: remove comments + add conditional ciphers #10 (arlimus)
- add lockfiles and delete them from tree #9 (ehaselwanter)
- streamline rubocop, fix issue which comes with this change #8 (ehaselwanter)
- rubocop fixes #7 (ehaselwanter)
- use a per suite manifest #6 (ehaselwanter)
- changed AllowTcpForwarding and AllowAgentForwarding from yes to no #2 (atomic111)
- move the ssh tests to this new central location #1 (ehaselwanter)
* This Change Log was automatically generated by github_changelog_generator