
Commit 1c81e9f

author
Sebastian Gumprich
committed
debian 8 support
I implemented Debian 8 support (and removed Debian 6 support, since it's EOL) and made it easier to test the role locally with inspec.
1 parent b5f4bac commit 1c81e9f


2 files changed

+28
-10
lines changed


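--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -1,18 +1,25 @@
 ---
 driver:
 name: vagrant
+
 provisioner:
 name: ansible_playbook
-test_repo_uri: https://github.com/hardening-io/tests-os-hardening.git
 hosts: all
 require_ansible_repo: false
 require_ansible_omnibus: true
 require_chef_for_busser: false
 require_ruby_for_busser: false
 ansible_verbose: true
 ansible_diff: true
+hosts: all
 roles_path: ../ansible-os-hardening/
-playboo: default.yml
+playbook: default.yml
+
+verifier:
+name: inspec
+sudo: true
+inspec_tests:
+- https://github.com/dev-sec/tests-os-hardening
 
 platforms:
 - name: ubuntu-12.04
@@ -39,10 +46,6 @@ platforms:
 driver_config:
 box: oracle-6.5
 box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box
-- name: debian-6
-driver_config:
-box: debian-6
-box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-6.0.10_chef-provisionerless.box
 - name: debian-7
 driver_config:
 box: debian-7
@@ -51,10 +54,9 @@ platforms:
 driver_config:
 box: debian-8
 box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.1_chef-provisionerless.box
-verifier:
-name: inspec
+
 suites:
-- name: ansible_1.9
+- name: os-ansible_1.9
 provisioner:
 ansible_version: 1.9.4
-- name: ansible_latest
+- name: os-ansible_latest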
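Review bot: The added `hosts: all` at new line 14 duplicates the `hosts: all` already present as context at new line 7; both appear to sit in the `provisioner:` mapping (indentation is lost on this rendered page), and a duplicate key is invalid YAML that most parsers resolve silently by keeping the last value, so the added line should be dropped. Separately, the new `inspec_tests` entry `https://github.com/dev-sec/tests-os-hardening` carries no tag or commit, so the verifier, which runs with `sudo: true`, executes whatever that repository's default branch holds at test time. Pinning the profile to a release tag or commit, if the kitchen-inspec version in use supports it, would keep the hardening checks reproducible and make changes to them reviewable.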

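--- a/default.yml
+++ b/default.yml
@@ -1,4 +1,20 @@
 ---
+- name: wrapper playbook for kitchen testing "ansible-os-hardening" with custom vars for testing
+hosts: localhost
+roles:
+- ansible-os-hardening
+vars:
+os_security_users_allow: change_user
+os_security_kernel_enable_core_dump: true
+os_security_suid_sgid_remove_from_unknown: true
+os_auth_pam_passwdqc_enable: false
+os_desktop_enable: true
+os_env_extra_user_paths: ['/home']
+os_auth_allow_homeless: true
+os_security_kernel_enable_core_dump: true
+os_security_suid_sgid_blacklist: ['/bin/umount']
+os_security_suid_sgid_whitelist: ['/usr/bin/rlogin']
+
 - name: wrapper playbook for kitchen testing "ansible-os-hardening"
 hosts: localhost
 roles: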
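Review bot: `os_security_kernel_enable_core_dump: true` is set twice in the added `vars:` block (new lines 8 and 14); the second occurrence is a duplicate key and should be removed. Judging by the variable names, the block also switches several hardening controls to their weaker setting (core dumps on, `os_auth_pam_passwdqc_enable: false`, `/usr/bin/rlogin` whitelisted), apparently to exercise the role's non-default branches. A comment above `vars:` such as `# test-only overrides to exercise non-default code paths; not a recommended configuration` would keep the play from being copied as a baseline. The second play's body continues outside the hunk.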
