Skip to content

Releases: dev-sec/puppet-os-hardening

puppet-os-hardening 2.1.0

17 Jan 07:44
@mcgege mcgege
2.1.0
1c3c013
Compare
Choose a tag to compare
puppet-os-hardening 2.1.0

Implemented enhancements:

Fixed bugs:

  • Limit recursive file/directory check #116 (mcgege)

Closed issues:

  • Minimize access needs a better way of removing +w on system folders #60
  • login.defs for different OS #57
  • Adduser consistency #49

Merged pull requests:

  • Skip entropy tests and disable auditd tests #117 (artem-sidorenko)
  • Get CI tests running on azure #115 (artem-sidorenko)
  • Making test-kitchen work again #112 (artem-sidorenko)
  • Correct header comments in sysctl.pp #69 (Zordrak)
Loading

puppet-os-hardening 2.0.0

19 Dec 17:35
@mcgege mcgege
2.0.0
b6efa1c
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
puppet-os-hardening 2.0.0

Closed issues:

  • Update some RH settings in this module #102
  • SLES and OEL errors when ipv6 is disabled #82
  • Failed to generate additional resources #75
  • Multiple conflicts with Puppet Enterprise #74
  • Conflict with Puppet Enterprise 2016.1.1 #71
  • allow_core_dump set to true still ends up setting /etc/security/limits.d/10.hardcore.conf and /etc/profile.d/pinerolo_profile.sh files #68
  • IPv6 setting problem #67
  • Log martian packets #66
  • Merge #64 #65
  • net.ipv6.conf.default.accept_ra #56

Merged pull requests:

  • Prepare module for v2.0.0 #109 (mcgege)
  • Update links + contributors in README #108 (mcgege)
  • Implement new RH defaults (see issue #102) #103 (mcgege)
  • Avoid picking up users retrieved from SSSD or other domain services. #101 (tprobinson)
  • Implement linux-baseline os-10 #100 (mcgege)
  • Style Guide corrections #98 (mcgege)
  • Update module metadata #97 (mcgege)
  • Baseline sysctl-17: Enable logging of martian packets #96 (mcgege)
  • One single coredump parameter #95 (mcgege)
  • Fix for Linux Baseline os-02 #94 (mcgege)
  • Baseline os-05b: set SYS_[GU]ID_[MIN|MAX] in /etc/login.defs #92 (mcgege)
  • Remove config/scripts to prevent core dumps if function is disabled… #91 (mcgege)
  • DevSec Linux Baseline os-05 #90 (mcgege)
  • Corrected handling of /bin/su (via allow_change_user) #89 (mcgege)
  • Documentation update #88 (mcgege)
  • added switch manage_ipv6, so people could disable managing of ipv6 co… #87 (STetzel)
  • CentOS7 issue - revert "Remove link following in minimize_access file resource" #86 (mcgege)
  • Making rubocop happy #85 (artem-sidorenko)
  • Make the sysctl setting 'rp_filter' configurable #84 (mcgege)
  • Quick fix for issue #71: remove '/usr/local/bin' from managed folders #83 (mcgege)
  • Puppet-lint done for sysctl.pp #81 (bitvijays)
  • Fix the CI #80 (artem-sidorenko)
  • Adopt Puppet style guide - remove dynamic variable lookup #70 (tuxmea)
  • Remove link following in minimize_access file resource #64 (rooprob)
  • update common kitchen.yml platforms #63 (chris-rock)
  • add support for limiting password re-use. #61 (igoraj)
  • add local testing section to readme #59 (chris-rock)
  • add net.ipv6.conf.default.accept_ra. closes #56 #58 (igoraj)
  • Disable System Accounts #54 (igoraj)
  • common files: add centos 7 #53 (arlimus)
Loading

puppet-os-hardening 1.1.2

09 May 22:45
@chris-rock chris-rock
1.1.2
df00a5c
Compare
Choose a tag to compare
puppet-os-hardening 1.1.2
  • feature: puppet 4 support
  • bugfix: ruby1.8+puppet+rspec interplay
  • bugfix: use scoped resource for puppet 4
Loading

puppet-os-hardening 1.1.1

03 May 12:21
@chris-rock chris-rock
1.1.1
c5973bc
Compare
Choose a tag to compare
puppet-os-hardening 1.1.1
  • feature: add stack protection configuration via sysctl (enabled)
  • bugfix: replace non-ascii char in login.defs
  • bugfix: follow links for RHEL7 /bin and /sbin
  • bugfix: fixed tty newlines
  • bugfix: minor log typos
Loading