automation: Update devsec.hardening to version 7.5.0
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| devsec.hardening (source) | galaxy-collection | minor |
7.1.0 -> 7.5.0
|
Release Notes
dev-sec/ansible-os-hardening
v7.5.0
Implemented enhancements:
Fixed bugs:
- SSH kex sntrup4591761x25519-sha512@tinyssh.org replaced #433
- Fix ssh kex sntrup761x25519-sha512@openssh.com for openssh >= 8.5 #437 (BenjaminBoehm)
Closed issues:
- Harden user home directories #276
Merged pull requests:
- remove secure-auth param if mysql >= 8.0.3 #438 (rndmh3ro)
- Improved comments. #436 (joubbi)
- os_auth_pam_pwquality_options: Changed type to authtok_type #432 (joubbi)
- add restart-auditd handler after configuration change #427 (rndmh3ro)
- add new tasks to delete mysql users without passwords #423 (rndmh3ro)
- Uppercased first letter of task names. #422 (joubbi)
v7.4.0
Implemented enhancements:
Closed issues:
- Errors in packer build for vagrant builder #244
Merged pull requests:
- Use pam_pwhistory.so instead of pam_unix.so for remembering old passwords #431 (joubbi)
- Remove comments from PAM config file, but keep it in the template #430 (joubbi)
- add support for using a proxy to test with molecule #429 (rndmh3ro)
- Improve Documentation for sysctl defaults #418 (joubbi)
v7.3.0
Implemented enhancements:
- pam_tally2 is deprecated in RHEL8 and pam_faillock should be used in EL7 and EL8 instead. #377
- Replace pam_tally2 with pam_faillock in Redhat #273
- Extend GSSAPI configuration support to ssh_config #403 (wzzrd)
- add restart handler variable for mysql role #399 (rndmh3ro)
- restructure PAM handling and update for currently supported Linux distributions #392 (schurzi)
Fixed bugs:
- Not able to use
sudocommand for user authenticated via ActiveDirectory #278 - You shouldn't touch /etc/pam.d/system-auth-ac in RedHat/CentOS #252
Closed issues:
- Netdata monitoring of docker in docker no longer possible #412
- Unable to connect with SSH (Permission denied (publickey)) #411
- TASK [os_hardening : configure auditd | package-08] #410
- Collection throws undefined ansible_role_name error in auditd task #409
- Ensure permissions on /etc/crontab are configured #375
- Documentation should be updated #361
Merged pull requests:
- Improve Release Action #421 (schurzi)
- remove FQCN from roles in examples #420 (schurzi)
- Ensure permissions on /etc/crontab are configured #405 (joubbi)
- remove FQCN from roles in examples #404 (schurzi)
- do not install mysql python package on target host #401 (rndmh3ro)
- make wrong password fail task #400 (rndmh3ro)
v7.2.0
Implemented enhancements:
- Add variable to specify SSH host RSA key size #394 (Normo)
- Set default for ssh host key files only when hardening the server #393 (Normo)
Fixed bugs:
- A reason why instance would go in rescue mode ? #267
- fix galaxy action to update local galaxy.yml #395 (Normo)
Closed issues:
- Updating version in galaxy.yml should be part of the release process #396
- ssh_hardening fail on keypair generation #388
- The system must display the date and time of the last successful account logon upon an SSH logon. #362
- Error in "root password is present" step #326
Merged pull requests:
- update ansible-lint to version 5 #397 (schurzi)
- fix minimum required ansible version in docs #390 (schurzi)
v7.1.1
Fixed bugs:
Closed issues:
- AnsibleUndefinedVariable: 'ansible_role_name' is undefined with 7.1.0 #387
Configuration
-
If you want to rebase/retry this MR, check this box.
This MR has been generated by Renovate Bot. The local configuration can be found in the local Renovate Bot repository.