Skip to content

Latest commit

 

History

History
467 lines (324 loc) · 49.3 KB

OS_HARDENING_CHANGELOG.md

File metadata and controls

467 lines (324 loc) · 49.3 KB

Changelog

6.2.0 (2020-08-17)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

  • Consider using find module instead of shell #293
  • Optimize logical OR in when clause #292
  • vfat added to dev-sec.conf, but efi is used #288
  • OpenSUSE Support #249

Merged pull requests:

6.1.0 (2020-07-21)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Is it safe to use on Debian 10? The build is failing. #281 [bug]

Closed issues:

  • The state of the galaxy release #269

Merged pull requests:

6.0.3 (2020-06-06)

Full Changelog

Implemented enhancements:

6.0.2 (2020-06-02)

Full Changelog

Implemented enhancements:

6.0.1 (2020-05-09)

Full Changelog

Implemented enhancements:

6.0.0 (2020-05-05)

Full Changelog

Implemented enhancements:

Fixed bugs:

5.2.1 (2019-06-09)

Full Changelog

Implemented enhancements:

Fixed bugs:

5.2.0 (2019-05-04)

Full Changelog

Implemented enhancements:

Fixed bugs:

5.1.0 (2018-10-17)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • auditd causing v5.0 to fail on unpriviledged LXC's #191 [bug]
  • Setting os_security_users_allow has no effect #175 [bug]
  • add /usr/bin/su to suid_guid whitelist #199 [bug] (ccolic)
  • ensure that permissions to su-binary are not restricted to root user and group only, if os_security_users_allow contains the value change_user #197 [bug] (szEvEz)

5.0.0 (2018-09-02)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • minimize_access: maximum recursion depth exceeded on Ansible 2.5 #171 [bug]
  • wrong permissions passwdqc #170 [bug]
  • Update deprecated include statements #166 [bug]
  • Strongly recommend against disabling vfat by default #162 [bug]
  • System completely unresponsive after role execution #145 [bug]
  • do not install passwdqc on amazon linux #189 [bug] (rndmh3ro)
  • add back run opts for debian 8 in travis #184 [bug] (rndmh3ro)
  • Fix core dump config file creation when core dumps are disabled #182 [bug] (Normo)
  • change minimize access method #181 [bug] (rndmh3ro)

4.3.0 (2018-01-03)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

  • ansible hardening fails on ubuntu 16.04 with msg": "ERROR! 'sysctl_rhel_config' is undefined #147
  • Enhancement: Test with TestInfra and Molecule #128

Merged pull requests:

4.3.1 (2017-09-13)

Full Changelog

Fixed bugs:

  • os_security_kernel_enable_sysrq is not implemented #115 [bug]

4.2.0 (2017-08-08)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Why is rsync removed? #141 [bug]
  • playbook makes OS undetectable #124 [bug]
  • Centos7/RHEL7: Exec shield is enabled by default and not manageable anymore by sysctl.conf #118 [bug]
  • Remove rsync from package blacklist #142 [bug] (duk3luk3)

Merged pull requests:

  • remove execshield sysctl-parameter on rhel7 #119 (rndmh3ro)

4.1.0 (2017-06-27)

Full Changelog

Fixed bugs:

  • Change system accounts not on the user provided ignore-list items are not JSON serializable #125 [bug]
  • Could not find gem 'ruby (>= 2.1.0)' #116 [bug]
  • The task sysctl fails when /etc/initramfs-tools is not present #111 [bug]
  • Deprecation warning always_run #103 [bug]

Closed issues:

  • Enhancement: Pin python dependencies for development and testing #127
  • Update readme to include baselines #122

Merged pull requests:

  • Converts set to JSON-serializable list #126 (pestaa)
  • add more sysctl settings, allow overwriting #120 (rndmh3ro)

4.0.0 (2017-03-14)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • The role fails when conditionally included #105 [bug]

Closed issues:

  • Error running on RHEL 7 due to syntax issues #112
  • disable password age #109

Merged pull requests:

3.2.0 (2016-10-24)

Full Changelog

Fixed bugs:

  • CentOS 7 selinux dependencies #102 [bug]
  • ubuntu xenial warning during activate gpg-check for yum-repos #99 [bug]
  • rhel_system_auth.j2 is still using pam_passwdqc.so for CentOS 7 #98 [bug]
  • Enable pam_pwquality in rhel-family > 7 #73 [bug] [help wanted]
  • "irc" user always changed after reboot #53 [bug] [help wanted]

Merged pull requests:

3.1.0 (2016-08-03)

Full Changelog

3.1 (2016-07-27)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Centos 7.1 fails at [Change various sysctl-settings on rhel-hosts...] #74 [bug]
  • Hardening fails on Centos 7.1 at task 'minimize access' #71 [bug] [help wanted]

Closed issues:

  • Permissions on /etc/shadow can lock out GUI users #86
  • network related sysctl rewritten by ufw in ubuntu #82
  • ansible >= 2.0 complains: Using bare variables is deprecated #78

Merged pull requests:

  • Fix a formatting issue in readme. #92 (vivekagr)
  • Permits overriding permissions on /etc/shadow #89 (conorsch)

3.0.0 (2016-03-13)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

  • Hardening fails on Centos 7.1 at task 'remove suid/sgid bit from all binaries except in system and user whitelist' #72
  • ansible 2.0 | "remove suid/sgid" task fails #64
  • Custom sysctl #50

Merged pull requests:

2.0.0 (2015-11-28)

Full Changelog

Closed issues:

  • Fix directory structure. #48
  • pam auth update error #47

Merged pull requests:

1.0.0 (2015-09-01)

Full Changelog

Closed issues:

  • ansible-os-hardening/tasks/minimize_access.yml #38
  • Role configuration. vars/main.yml? #34
  • Sysctl reloading #18
  • Add conditions for disabling of ip forwarding #15
  • Disable System Accounts #6

Merged pull requests:

* This Changelog was automatically generated by github_changelog_generator