Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

change inclusion of os specific defaults #353

Merged
merged 14 commits into from
Dec 20, 2020
Merged

change inclusion of os specific defaults #353

merged 14 commits into from
Dec 20, 2020

Conversation

schurzi
Copy link
Contributor

@schurzi schurzi commented Dec 16, 2020

we now include the os specific options into a separate variable and
merge this with the default ansible namespace, when the corresponding
keys do not already exist (eg. are defined by default oder by user)

Signed-off-by: Martin Schurz Martin.Schurz@t-systems.com

@schurzi schurzi mentioned this pull request Dec 16, 2020
Merged
@schurzi schurzi force-pushed the default_handling branch 2 times, most recently from b42e87e to 63f86a2 Compare December 16, 2020 15:39
@schurzi
Copy link
Contributor Author

schurzi commented Dec 16, 2020

seems to work allright. but we need to rollback the changes from #351 if we decide to go down this path

@schurzi schurzi changed the title WIP: change inclusion of os specific defaults change inclusion of os specific defaults Dec 17, 2020
schurzi and others added 10 commits December 19, 2020 21:10
@schurzi
change inclusion of os specific defaults
2fea1d4 
we now include the os specific options into a separate variable and
merge this with the default ansible namespace, when the corresponding
keys do not already exist (eg. are defined by default oder by user)

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
simplify check for os specific variables
92209c3 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
add test for variable override
b4ce123 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
move tests to verify stage
49f8c73 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
correct grep
467b835 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
linting
f5d8d13 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@rndmh3ro @schurzi
fix typo
8bb3ee2 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
Revert "Merge pull request #351 from sprat/fix-umask"
90c8a3d 
This reverts commit 9e8e0bc, reversing
changes made to 98c7553.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
move immutable ssh vars to internal vars
7b1ef32 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
move vars to OS files
831383b 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
change default handling for all roles
5ff0eec 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
fix issues
cdfbb7e 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
Copy link
Contributor Author

schurzi commented Dec 19, 2020
edited
Loading

interesting, the mysql_daemonvariable is not set by our module, because the included geerlinguy role defines it already (https://github.com/dev-sec/ansible-collection-hardening/runs/1582896787?check_suite_focus=true#step:7:410)

I have currently no idea why Ubuntu 20 is failing.

rndmh3ro
rndmh3ro reviewed Dec 20, 2020
View reviewed changes
roles/os_hardening/tasks/hardening.yml Show resolved Hide resolved
roles/os_hardening/README.md Outdated Show resolved Hide resolved
@rndmh3ro
Copy link
Member

LGTM, just two minor docs-issues.

schurzi and others added 2 commits December 20, 2020 20:29
@schurzi
add documentation
552b641 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@rndmh3ro
Update main.yml
19d792d
@rndmh3ro rndmh3ro merged commit a75e2c0 into master Dec 20, 2020
@rndmh3ro rndmh3ro deleted the default_handling branch December 20, 2020 19:46
@rndmh3ro rndmh3ro mentioned this pull request Dec 20, 2020
Closed
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
@schurzi @rndmh3ro
change inclusion of os specific defaults (dev-sec#353)
39f4c9d 
* change inclusion of os specific defaults

we now include the os specific options into a separate variable and
merge this with the default ansible namespace, when the corresponding
keys do not already exist (eg. are defined by default oder by user)

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* simplify check for os specific variables

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* add test for variable override

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* move tests to verify stage

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* correct grep

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* linting

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* fix typo

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* Revert "Merge pull request dev-sec#351 from sprat/fix-umask"

This reverts commit 9e8e0bc, reversing
changes made to 98c7553.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* move immutable ssh vars to internal vars

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* move vars to OS files

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* change default handling for all roles

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* fix issues

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* add documentation

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* Update main.yml

Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
@rndmh3ro rndmh3ro mentioned this pull request Jan 19, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rndmh3ro rndmh3ro rndmh3ro left review comments

Assignees
No one assigned
Labels
enhancement mysql_hardening os_hardening ssh_hardening
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@schurzi @rndmh3ro