Skip to content

Commit

Permalink
Merge pull request #797 from dev-sec/remdep
Browse files Browse the repository at this point in the history 
Remove unused files and variables
  • Loading branch information
@schurzi
schurzi authored Oct 4, 2024
2 parents ba5d025 + 2b495bf commit 3daba1f
Show file tree
Hide file tree
Showing 5 changed files with 4 additions and 121 deletions.
3 changes: 1 addition & 2 deletions molecule/os_hardening/converge.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,10 @@
vars:
os_security_users_allow: change_user
os_security_kernel_enable_core_dump: false
os_auditd_num_logs: 10
os_auditd_enabled: false
os_security_suid_sgid_remove_from_unknown: true
os_auth_pam_passwdqc_enable: false
os_auth_lockout_time: 15
os_desktop_enable: true
os_env_extra_user_paths: [/home]
os_auth_allow_homeless: true
os_security_suid_sgid_blacklist: [/bin/umount]
Expand Down
4 changes: 3 additions & 1 deletion molecule/os_hardening/verify.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,12 +67,14 @@
http_proxy: "{{ lookup('env', 'http_proxy') | default(omit) }}"
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
vars:
os_auditd_enabled: false
os_env_umask: "027 #override"
tasks:
# test if variable can be overridden
- name: Workaround for https://github.com/ansible/ansible/issues/66304
ansible.builtin.set_fact:
ansible_virtualization_type: docker
os_env_umask: "027 #override"

- name: Include os_hardening role
ansible.builtin.include_role:
Expand Down
1 change: 0 additions & 1 deletion roles/os_hardening/defaults/main.yml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
---
os_desktop_enable: false
os_env_user_paths: [/usr/local/sbin, /usr/local/bin, /usr/sbin, /usr/bin, /sbin, /bin]
os_env_extra_user_paths: []
os_auth_pw_max_age: 60
Expand Down
4 changes: 0 additions & 4 deletions roles/os_hardening/meta/argument_specs.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,6 @@ argument_specs:
short_description: The main entry point for the os hardening role.
version_added: 8.8.0
options:
os_desktop_enable:
default: false
type: bool
description: true if this is a desktop system, ie Xorg, KDE/GNOME/Unity/etc.
os_env_user_paths:
default: [/usr/local/sbin, /usr/local/bin, /usr/sbin, /usr/bin, /sbin, /bin]
type: list
Expand Down
113 changes: 0 additions & 113 deletions roles/os_hardening/templates/etc/initramfs-tools/modules.j2
View file

This file was deleted.

0 comments on commit 3daba1f

Please sign in to comment.