Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Increase test coverage #17

Open
2 of 13 tasks
pyllyukko opened this issue Oct 2, 2017 · 0 comments
Open
2 of 13 tasks

Increase test coverage #17

pyllyukko opened this issue Oct 2, 2017 · 0 comments

Comments

@pyllyukko
Copy link
Owner

pyllyukko commented Oct 2, 2017

What started in the tests branch...

General

  • Make sure parallelism doesn't break the Debian tests

PAM

  • pam_lastlog in /etc/pam.d/gdm-password
  • limiting password reuse in *
  • removing nullok from /etc/pam.d/common-auth
  • configuring pwquality
  • Everything against CentOS

Easy ones

  • disable_gdm3_user_list()
  • Certificates?
    • Test ca-certificates.conf.new by connecting to bunch of places
  • PGP keys
  • sysstat
  • configure_password_policies()

Lot of work

  • All the rest 👅

TODO / Ideas

TASK [Copy /etc/sudoers.new to /etc/sudoers] ***********************************
changed: [molecule-slackware]

TASK [Remove /etc/sudoers.new] *************************************************
fatal: [molecule-slackware]: FAILED! => {"changed": false, "module_stderr": "sudo: sorry, you must have a tty to run sudo\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

A plan

  • Add "minimal" support for Ubuntu for GH runner(s)
  • Run playbook by tag
    • --skip-tags slackware
  • Run Lynis (Use Lynis to test hardenings before & after #21)
    • Collect Lynis log as artifact?
    • Fail on low score?
  • Start with something simple and measurable (and in userland)
    • Banners
    • PAM
    • Umask
pyllyukko added a commit that referenced this issue Dec 21, 2024
Naturally it's not complete yet, but it's a start.

Relates to #17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant