puppet-os-hardening | Linux Ecosystem Directory

Bot releases are hidden (Show)

puppet-os-hardening - puppet-os-hardening 2.1.0

Published by mcgege almost 7 years ago

Implemented enhancements:

Update to verify the module against https://github.com/dev-sec/linux-baseline #79
Use type checking by defining data types #114 (mcgege)
Make paramater USERGROUPS_ENAB in login.defs configurable #113 (mcgege)

Fixed bugs:

Limit recursive file/directory check #116 (mcgege)

Closed issues:

Minimize access needs a better way of removing +w on system folders #60
login.defs for different OS #57
Adduser consistency #49

Merged pull requests:

Skip entropy tests and disable auditd tests #117 (artem-sidorenko)
Get CI tests running on azure #115 (artem-sidorenko)
Making test-kitchen work again #112 (artem-sidorenko)
Correct header comments in sysctl.pp #69 (Zordrak)

puppet-os-hardening - puppet-os-hardening 2.0.0

Published by mcgege almost 7 years ago

Closed issues:

Update some RH settings in this module #102
SLES and OEL errors when ipv6 is disabled #82
Failed to generate additional resources #75
Multiple conflicts with Puppet Enterprise #74
Conflict with Puppet Enterprise 2016.1.1 #71
allow_core_dump set to true still ends up setting /etc/security/limits.d/10.hardcore.conf and /etc/profile.d/pinerolo_profile.sh files #68
IPv6 setting problem #67
Log martian packets #66
Merge #64 #65
net.ipv6.conf.default.accept_ra #56

Merged pull requests:

Prepare module for v2.0.0 #109 (mcgege)
Update links + contributors in README #108 (mcgege)
Implement new RH defaults (see issue #102) #103 (mcgege)
Avoid picking up users retrieved from SSSD or other domain services. #101 (tprobinson)
Implement linux-baseline os-10 #100 (mcgege)
Style Guide corrections #98 (mcgege)
Update module metadata #97 (mcgege)
Baseline sysctl-17: Enable logging of martian packets #96 (mcgege)
One single coredump parameter #95 (mcgege)
Fix for Linux Baseline os-02 #94 (mcgege)
Baseline os-05b: set SYS_[GU]ID_[MIN|MAX] in /etc/login.defs #92 (mcgege)
Remove config/scripts to prevent core dumps if function is disabled… #91 (mcgege)
DevSec Linux Baseline os-05 #90 (mcgege)
Corrected handling of /bin/su (via allow_change_user) #89 (mcgege)
Documentation update #88 (mcgege)
added switch manage_ipv6, so people could disable managing of ipv6 co… #87 (STetzel)
CentOS7 issue - revert "Remove link following in minimize_access file resource" #86 (mcgege)
Making rubocop happy #85 (artem-sidorenko)
Make the sysctl setting 'rp_filter' configurable #84 (mcgege)
Quick fix for issue #71: remove '/usr/local/bin' from managed folders #83 (mcgege)
Puppet-lint done for sysctl.pp #81 (bitvijays)
Fix the CI #80 (artem-sidorenko)
Adopt Puppet style guide - remove dynamic variable lookup #70 (tuxmea)
Remove link following in minimize_access file resource #64 (rooprob)
update common kitchen.yml platforms #63 (chris-rock)
add support for limiting password re-use. #61 (igoraj)
add local testing section to readme #59 (chris-rock)
add net.ipv6.conf.default.accept_ra. closes #56 #58 (igoraj)
Disable System Accounts #54 (igoraj)
common files: add centos 7 #53 (arlimus)

puppet-os-hardening - puppet-os-hardening 1.1.2

Published by chris-rock over 9 years ago

feature: puppet 4 support
bugfix: ruby1.8+puppet+rspec interplay
bugfix: use scoped resource for puppet 4

puppet-os-hardening - puppet-os-hardening 1.1.1

Published by chris-rock over 9 years ago

feature: add stack protection configuration via sysctl (enabled)
bugfix: replace non-ascii char in login.defs
bugfix: follow links for RHEL7 /bin and /sbin
bugfix: fixed tty newlines
bugfix: minor log typos

Badges

Extracted from project README

Related Projects

bento

Packer templates for building minimal Vagrant baseboxes for multiple platforms

07 Mar 2012 4,201

devops-resources

DevOps resources - Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes...

07 Jan 2019 8,538