Merge pull request #163 from dev-sec/new_tests

New tests
dev-sec · Jun 29, 2018 · 7949628 · 7949628
2 parents 75f1fe4 + 11e976a
commit 7949628
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 6 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -62,7 +62,9 @@ script:
 
   # Verify role
   # remove the UseLogin-check, see here for reasons: https://github.com/dev-sec/ansible-ssh-hardening/pull/141
-  - 'inspec exec https://github.com/dev-sec/ssh-baseline/ -t docker://$(cat ${container_id}) --controls=sshd-01 sshd-02 sshd-03 sshd-04 sshd-05 sshd-06 sshd-07 sshd-08 sshd-09 sshd-10 sshd-11 sshd-12 sshd-13 sshd-14 sshd-16 sshd-17 sshd-18 sshd-19 sshd-20 sshd-21 sshd-22 sshd-23 sshd-24 sshd-25 sshd-26 sshd-27 sshd-28 sshd-29 sshd-30 sshd-31 sshd-32 sshd-33 sshd-34 sshd-35 sshd-36 sshd-37 sshd-38 sshd-39 sshd-40'
+  - 'inspec exec https://github.com/dev-sec/ssh-baseline/ -t docker://$(cat ${container_id}) --controls=sshd-01 sshd-02 sshd-03 sshd-04 sshd-05 sshd-06 sshd-07 sshd-08 sshd-09 sshd-10 sshd-11 sshd-12 sshd-13 sshd-14 sshd-16 sshd-17 sshd-18 sshd-19 sshd-20 sshd-21 sshd-22 sshd-23 sshd-24 sshd-25 sshd-26 sshd-27 sshd-28 sshd-29 sshd-30 sshd-31 sshd-32 sshd-33 sshd-34 sshd-35 sshd-36 sshd-37 sshd-38 sshd-39 sshd-40 sshd-41 sshd-42 sshd-43 sshd-44 sshd-45 sshd-46 sshd-47 sshd-48'
+  # remove UseRoaming and RhostsRSAAuthentication because these options are deprecated
+  - 'inspec exec https://github.com/dev-sec/ssh-baseline/ -t docker://$(cat ${container_id}) --controls=ssh-01 ssh-02 ssh-03 ssh-04 ssh-05 ssh-06 ssh-07 ssh-08 ssh-09 ssh-10 ssh-11 ssh-12 ssh-13 ssh-16 ssh-17 ssh-18 ssh-19 ssh-20'
 
 notifications:
   webhooks: https://galaxy.ansible.com/api/v1/notifications/
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -15,7 +15,8 @@
   register: sshd_version
   check_mode: no
 
-- include_tasks: crypto.yml
+- name: include tasks to create crypo-vars
+  include_tasks: crypto.yml
 
 - name: create revoked_keys and set permissions to root/600
   template:
@@ -59,11 +60,12 @@
   notify: restart sshd
   when: sshd_register_moduli.stdout
 
-- include_tasks: ca_keys_and_principals.yml
+- name: include tasks to setup ca keys and principals
+  include_tasks: ca_keys_and_principals.yml
   when: ssh_trusted_user_ca_keys_file != ''
 
-# Install the 2FA packages and setup the config in PAM and SSH
-- include_tasks: 2fa.yml
+- name: include tasks to setup 2FA
+  include_tasks: 2fa.yml
   when:
     - ssh_use_pam
     - ssh_challengeresponseauthentication
@@ -76,5 +78,6 @@
   changed_when: false
   check_mode: no
 
-- include_tasks: selinux.yml
+- name: include selinux specific tasks
+  include_tasks: selinux.yml
   when: sestatus.rc == 0