Merge branch 'master' into pwhistory

Signed-off-by: Martin Schurz <[email protected]>

Author: schurzi

CHANGELOG.md

@@ -1,11 +1,18 @@
 # Changelog
 
-## [7.3.1](https://github.com/dev-sec/ansible-collection-hardening/tree/7.3.1) (2021-03-16)
+## [7.4.0](https://github.com/dev-sec/ansible-collection-hardening/tree/7.4.0) (2021-03-23)
 
-[Full Changelog](https://github.com/dev-sec/ansible-collection-hardening/compare/7.3.0...7.3.1)
+[Full Changelog](https://github.com/dev-sec/ansible-collection-hardening/compare/7.3.0...7.4.0)
+
+**Closed issues:**
+
+- Errors in packer build for vagrant builder [\#244](https://github.com/dev-sec/ansible-collection-hardening/issues/244)
 
 **Merged pull requests:**
 
+- Remove comments from PAM config file, but keep it in the template [\#430](https://github.com/dev-sec/ansible-collection-hardening/pull/430) ([joubbi](https://github.com/joubbi))
+- add support for using a proxy to test with molecule [\#429](https://github.com/dev-sec/ansible-collection-hardening/pull/429) ([rndmh3ro](https://github.com/rndmh3ro))
+- Harden user home dirs [\#428](https://github.com/dev-sec/ansible-collection-hardening/pull/428) ([rndmh3ro](https://github.com/rndmh3ro))
 - Improve Documentation for sysctl defaults [\#418](https://github.com/dev-sec/ansible-collection-hardening/pull/418) ([joubbi](https://github.com/joubbi))
 
 ## [7.3.0](https://github.com/dev-sec/ansible-collection-hardening/tree/7.3.0) (2021-03-16)

molecule/mysql_hardening/converge.yml

@@ -2,6 +2,10 @@
 - name: wrapper playbook for kitchen testing "ansible-mysql-hardening"
   hosts: all
   become: true
+  environment:
+    http_proxy: "{{ lookup('env', 'http_proxy') | default(omit)  }}"
+    https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
+    no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
   tasks:
     - name: Determine required MySQL Python libraries (Ubuntu Focal Fossa ++)
       set_fact:

molecule/mysql_hardening/molecule.yml

@@ -20,6 +20,11 @@ platforms:
       container: docker
     security_opts:
       - apparmor=unconfined
+    env:
+      http_proxy: "${http_proxy}"
+      https_proxy: "${https_proxy}"
+      no_proxy: "${no_proxy}"
+      container: docker
 provisioner:
   name: ansible
   config_options:

molecule/mysql_hardening/prepare.yml

@@ -3,6 +3,10 @@
 - name: wrapper playbook for kitchen testing "ansible-mysql-hardening"
   hosts: all
   become: true
+  environment:
+    http_proxy: "{{ lookup('env', 'http_proxy') | default(omit)  }}"
+    https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
+    no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
   tasks:
     - name: Run the equivalent of "apt-get update && apt-get upgrade"
       apt:

molecule/mysql_hardening/verify.yml

@@ -2,6 +2,10 @@
 - name: Verify
   hosts: all
   become: true
+  environment:
+    http_proxy: "{{ lookup('env', 'http_proxy') | default(omit)  }}"
+    https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
+    no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
   roles:
     - geerlingguy.git
   tasks:

molecule/nginx_hardening/converge.yml

@@ -2,6 +2,10 @@
 - name: wrapper playbook for kitchen testing "ansible-nginx-hardening" with custom settings
   become: true
   hosts: all
+  environment:
+    http_proxy: "{{ lookup('env', 'http_proxy') | default(omit)  }}"
+    https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
+    no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
   vars:
     - nginx_ppa_use: true
     - nginx_ppa_version: stable

molecule/nginx_hardening/molecule.yml

@@ -21,7 +21,10 @@ platforms:
     capabilities:
       - SYS_ADMIN
     tty: true
-    environment:
+    env:
+      http_proxy: "${http_proxy}"
+      https_proxy: "${https_proxy}"
+      no_proxy: "${no_proxy}"
       container: docker
 provisioner:
   name: ansible

molecule/nginx_hardening/prepare.yml

@@ -2,6 +2,10 @@
 - name: prepare playbook for kitchen testing "ansible-nginx-hardening" with custom settings
   become: true
   hosts: all
+  environment:
+    http_proxy: "{{ lookup('env', 'http_proxy') | default(omit)  }}"
+    https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
+    no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
   tasks:
     - name: install required tools on SuSE
       zypper:

molecule/nginx_hardening/verify.yml

@@ -2,6 +2,10 @@
 - name: Verify
   hosts: all
   become: true
+  environment:
+    http_proxy: "{{ lookup('env', 'http_proxy') | default(omit)  }}"
+    https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
+    no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
   roles:
     - geerlingguy.git
   tasks:

molecule/os_hardening/converge.yml

@@ -2,6 +2,10 @@
 - name: wrapper playbook for kitchen testing "ansible-os-hardening" with custom vars for testing
   hosts: all
   become: true
+  environment:
+    http_proxy: "{{ lookup('env', 'http_proxy') | default(omit)  }}"
+    https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
+    no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
   collections:
     - devsec.hardening
   tasks: