ansible-os-hardening 6.0.0

6.0.0 (2020-04-13)

Full Changelog

Possibly Breaking Changes:

• On systems were SELinux is installed, it is now set to Enforcing.

Implemented enhancements:

• Configure audit=1 for more accurate auid auditing #253
• Add Debian Buster support for ansible-os-hardening #233
• Add CentOS 8 support for ansible-os-hardening #232
• Add selinux configuration #154
• Make useradd defaults in login.defs dependent on OS #266 (Aisbergg)
• Add kernel hardening parameters from Tails and CIS Benchmark #263 (kravietz)
• add ansible-lint #262 (rndmh3ro)
• Remove trailing space #261 (kravietz)
• Add kernel parameter information to README #259 (jaredledvina)
• Remove trailing whitespaces (ansible-lint 201) #254 (kravietz)
• Standardize the var ordering #251 (dustinmiller1337)
• Add intial support for OpenSUSE #250 (dustinmiller1337)
• Make max_log_file_action for auditd configurable #246 (jandd)
• Add exception in sysctl task #240 (okupriyanov)
• Fedora - Use new auto ansible_python_interpreter for dnf #239 (jaredledvina)
• add test support for CentOS8 #237 (yeoldegrove)
• Support configuring SELinux and default to enforcing #236 (jaredledvina)
• Add test support for debian buster #234 (123Haynes)
• Changed local var name to a less common one #231 (rgarrigue)
• Use ansible facts for vars #226 (joshuatalb)

Fixed bugs:

• Invalid Conditionals in user_accounts.yml #255
• auth-system related files are created for non-RHEL systems (e.g. Debian) #247
• NSA website links are stale #227
• Running ansible on python3 throughs "TypeError: '<=' not supported between instances of 'str' and 'int'" #223
• [lots of] deprecation warnings in Ansible 2.8 #221
• Add a "don't fail on error" switch ? #148
• Addressing issue #255 #258 (ljkimmel)
• Fix #247, cleanup conditions #248 (fernandezcuesta)
• Fix error on applying the sysctl vars on containers #243 (okupriyanov)
• Update location of NSA RHEL 5 Guide #235 (jaredledvina)