Releases: konstruktoid/ansible-role-hardening
Releases · konstruktoid/ansible-role-hardening
v3.0.0
Note that this is a breaking release requiring Ansible 2.18
What's Changed
- use
ansible_systemd.version
requiring Ansible 2.18 by @konstruktoid in #798 - remove
ssh-rsa
and 256bit options fromssh
defaults by @konstruktoid in #799 - add
initscripts
for service restarts if required by @konstruktoid in #802 - check
rdrand
usingansible_flags
, and ensurerngd
is enabled by @konstruktoid in #805 - update password and suid lists by @konstruktoid in #809
- add UFW protocol specification by @jdaln in #812
Full Changelog: v2.3.0...v3.0.0
v2.3.0
What's Changed
- ignore StopIdleSessionSec if container by @konstruktoid in #764
- make all tasks skippable using variables by @fstarkenberg in #783
- mask ctrl-alt-del using FragmentPath by @konstruktoid in #786
- ensure rebooting works after masking ctrl-alt-del by @konstruktoid in #788
- let
manage_mounts
handle /tmp by @konstruktoid in #794
New Contributors
- @fstarkenberg made their first contribution in #783
Full Changelog: v2.2.0...v2.3.0
v2.2.0
What's Changed
- Refactor automatic_updates by @konstruktoid in #709
- Add Unattended upgrades configuration options by @jdaln in #718
- Add systemd/logind.conf variables by @konstruktoid in #723
- Ensure netplan configuration file permissions by @konstruktoid in #725
- Update tmp.mount with upstream settings by @konstruktoid in #747
- Ensure sshd privsep directories are created by @konstruktoid in #758
- Use StopIdleSessionSec instead of TMOUT on systemd => 252 by @konstruktoid in #763
Full Changelog: v2.1.1...v2.2.0
v2.1.1
What's Changed
- Fix container typo by @jsf9k in #662
- Ensure unattended-upgrades are installed by @konstruktoid in #663
- Remove AlmaLinux 8 from default testing by @konstruktoid in #673
- Ignore change when
apt clean
by @konstruktoid in #674 - Ensure timesyncd isn't changed when unchanged by @konstruktoid in #677
New Contributors
Full Changelog: v2.1.0...v2.1.1
v2.1.0
What's Changed
- add
ufw_rate_limit
variable by @konstruktoid in #608 - set restrictive permssions on journal files by @konstruktoid in #622
- add additional kernel configuration options by @konstruktoid in #624
- add additional sysctl variables by @konstruktoid in #625
- ensure kdump-tools are masked by @konstruktoid in #635
- add custom installations and extend tests by @konstruktoid in #638
- dont try to install empty lists by @konstruktoid in #637
- ignore case in UFW comments by @konstruktoid in #639
- add kernel_lockdown variable by @konstruktoid in #648
New Contributors
Full Changelog: v2.0.4...v2.1.0
v2.1.0-rc.3
What's Changed
- add kernel_lockdown variable by @konstruktoid in #648
Full Changelog: v2.1.0-rc.2...v2.1.0-rc.3
v2.1.0-rc2
What's Changed
- add
ufw_rate_limit
variable by @konstruktoid in #608 - ensure upgrade dont change by @konstruktoid in #610
- Vagrantfile: Added Bookworm by @jdaln in #615
- set restrictive permssions on journal files by @konstruktoid in #622
- add additional kernel configuration options by @konstruktoid in #624
- add additional sysctl variables by @konstruktoid in #625
- replace Ubuntu 20.04 with Ubuntu 24.04 (Noble Numbat) by @konstruktoid in #630
- ensure kdump-tools are masked by @konstruktoid in #635
- replace focal with noble in the Vagrantfile by @konstruktoid in #636
- add custom installations and extend tests by @konstruktoid in #638
- dont try to install empty lists by @konstruktoid in #637
- ignore case in UFW comments by @konstruktoid in #639
New Contributors
Full Changelog: v2.0.4...v2.1.0-rc.2
v2.1.0-rc.1
What's Changed
- add
ufw_rate_limit
variable by @konstruktoid in #608 - set restrictive permssions on journal files by @konstruktoid in #622
- add additional kernel configuration options by @konstruktoid in #624
- add additional sysctl variables by @konstruktoid in #625
- replace Ubuntu 20.04 with Ubuntu 24.04 (Noble Numbat) by @konstruktoid in #630
- ensure kdump-tools are masked by @konstruktoid in #635
- ignore case in UFW comments by @konstruktoid in #639
New Contributors
Full Changelog: v2.0.4...v2.1.0-rc.1
v2.0.4
What's Changed
- update test docs by @konstruktoid in #601
- dont recurse when creating custom facts directories by @konstruktoid in #602
Full Changelog: v2.0.3...v2.0.4
v2.0.3
What's Changed
- add journald variables by @konstruktoid in #581
- add
aide_dir_exclusions
variable and use include directories if present by @konstruktoid in #587 - ensure usb/devices exists before installing USBGuard by @konstruktoid in #591
Full Changelog: v2.0.2...v2.0.3