This repository was archived by the owner on Dec 26, 2020. It is now read-only.

Commit b4014e6

committed
Merge branch 'master' of github.com:dev-sec/ansible-ssh-hardening
2 parents e3575e5 + 6b2e45c commit b4014e6


3 files changed

+32
-12
lines changed


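--- a/.kitchen.vagrant.yml
+++ b/.kitchen.vagrant.yml
@@ -16,7 +16,7 @@ provisioner:
 require_ruby_for_busser: false
 ansible_verbose: true
 roles_path: ../ansible-ssh-hardening/
-playbook: default.yml
+playbook: tests/default.yml
 http_proxy: <%= ENV['http_proxy'] || nil %>
 https_proxy: <%= ENV['https_proxy'] || nil %>
 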
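--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -35,14 +35,22 @@ platforms:
 driver:
 image: rndmh3ro/docker-centos7-ansible:latest
 platform: centos
+run_command: /sbin/init
+provision_command:
+- sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+- systemctl enable sshd.service
 - name: oracle6-ansible-latest
 driver:
 image: rndmh3ro/docker-oracle6-ansible:latest
 platform: centos
 - name: oracle7-ansible-latest
 driver:
 image: rndmh3ro/docker-oracle7-ansible:latest
+run_command: /sbin/init
 platform: centos
+provision_command:
+- sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+- systemctl enable sshd.service
 - name: ubuntu1404-ansible-latest
 driver:
 image: rndmh3ro/docker-ubuntu1404-ansible:latest
@@ -51,6 +59,9 @@ platforms:
 driver:
 image: rndmh3ro/docker-ubuntu1604-ansible:latest
 platform: ubuntu
+run_command: /sbin/init
+provision_command:
+- systemctl enable ssh.service
 - name: debian7-ansible-latest
 driver:
 image: rndmh3ro/docker-debian7-ansible:latest
@@ -59,14 +70,22 @@ platforms:
 driver:
 image: rndmh3ro/docker-debian8-ansible:latest
 platform: debian
-#- name: debian9-ansible-latest
-# driver:
-# image: rndmh3ro/docker-debian9-ansible:latest
-# platform: debian
+- name: debian9-ansible-latest
+driver:
+image: rndmh3ro/docker-debian9-ansible:latest
+platform: debian
+run_command: /sbin/init
+provision_command:
+- apt install -y systemd-sysv
+- systemctl enable ssh.service
 - name: amazon-ansible-latest
 driver:
 image: rndmh3ro/docker-amazon-ansible:latest
 platform: centos
+run_command: /sbin/init
+provision_command:
+- sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+- systemctl enable sshd.service
 
 verifier:
 name: inspec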
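Review bot: The `sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config` provision command added for centos7, oracle7 and amazon turns PAM off in the test image with no comment saying why, so a reader cannot tell a container login workaround from a setting the role is meant to be verified against. If it exists only so that kitchen can log in to the container, say so above each block, e.g. `# test-image workaround for container login; not part of the hardening under test`, and note that the substitution silently does nothing when the line is commented out or spaced differently. In the debian9 block, `apt install -y systemd-sysv` runs without refreshing the package index and may fail on a stale image; `apt-get update && apt-get install -y systemd-sysv` is the more robust form. The oracle7 entry also places `run_command` before `platform:` while the other entries place it after, which is worth aligning.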

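--- a/.travis.yml
+++ b/.travis.yml
@@ -15,10 +15,10 @@ env:
 version: latest
 init: /sbin/init
 
-- distro: oracle7
-init: /usr/lib/systemd/systemd
-run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
-version: latest
+# - distro: oracle7
+# init: /usr/lib/systemd/systemd
+# run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
+# version: latest
 
 - distro: ubuntu1604
 version: latest
@@ -35,17 +35,18 @@ env:
 
 - distro: debian8
 version: latest
-run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 init: /sbin/init
+run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 
 - distro: debian9
 version: latest
 init: /lib/systemd/systemd
 run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 
 - distro: amazon
-init: /sbin/init
+init: /lib/systemd/systemd
 version: latest
+run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 
 before_install:
 # Pull container
@@ -63,7 +64,7 @@ script:
 # Verify role
 # remove the UseLogin-check, see here for reasons: https://github.com/dev-sec/ansible-ssh-hardening/pull/141
 - 'inspec exec https://github.com/dev-sec/ssh-baseline/ -t docker://$(cat ${container_id}) --controls=sshd-01 sshd-02 sshd-03 sshd-04 sshd-05 sshd-06 sshd-07 sshd-08 sshd-09 sshd-10 sshd-11 sshd-12 sshd-13 sshd-14 sshd-16 sshd-17 sshd-18 sshd-19 sshd-20 sshd-21 sshd-22 sshd-23 sshd-24 sshd-25 sshd-26 sshd-27 sshd-28 sshd-29 sshd-30 sshd-31 sshd-32 sshd-33 sshd-34 sshd-35 sshd-36 sshd-37 sshd-38 sshd-39 sshd-40 sshd-41 sshd-42 sshd-43 sshd-44 sshd-45 sshd-46 sshd-47 sshd-48 --no-distinct-exit'
-# remove UseRoaming and RhostsRSAAuthentication because these options are deprecated
+# remove UseRoaming and RhostsRSAAuthentication because these options are deprecated - ssh-14, ssh-15, ssh-21
 - 'inspec exec https://github.com/dev-sec/ssh-baseline/ -t docker://$(cat ${container_id}) --controls=ssh-01 ssh-02 ssh-03 ssh-04 ssh-05 ssh-06 ssh-07 ssh-08 ssh-09 ssh-10 ssh-11 ssh-12 ssh-13 ssh-16 ssh-17 ssh-18 ssh-19 ssh-20 --no-distinct-exit'
 
 notifications: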
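Review bot: The oracle7 matrix entry is commented out rather than fixed or removed, and nothing in the hunk says why, so the role silently loses its Oracle Linux 7 run in Travis. A one-line reason above the block would keep the gap visible, e.g. `# oracle7 disabled: <reason or issue link>`. The amazon entry now also runs with `--privileged`, like debian8 and debian9; that is presumably needed for systemd as init, and a short comment saying so would stop the flag from being copied to jobs that do not need it. The updated comment before the second `inspec exec` names two options but three controls (ssh-14, ssh-15, ssh-21), and ssh-21 is past the end of the listed ssh-01 to ssh-20 range, so it is worth stating which control maps to which option.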
