v4.2.0 (2023-12-22)
Closed issues:
- Dependency Dashboard #305
- Support for RHEL 8 / Rocky Linux 8 #279
- Linux Baseline tests are failing for os-13 #272
- chef exec rake lint fails, foodcritic deprecated #265
Merged pull requests:
- Update actions/upload-artifact action to v4 #312 (renovate[bot])
- Update actions/download-artifact action to v4 #311 (renovate[bot])
- Allow more changes to AuditD #310 (tdekoning93)
- CI: run for all PRs #309 (artem-sidorenko)
- Deprecation of Ubuntu 18.04 #308 (artem-sidorenko)
- CI: Update actions/checkout action to v4 #304 (renovate[bot])
- Removal of Gemfile and Rakefile #303 (artem-sidorenko)
- Testing on Oraclelinux 8 and 9 #302 (artem-sidorenko)
- Testing on Almalinux and Rockylinux 8/9 #301 (artem-sidorenko)
- Testing on the CentOS Stream 8 and 9 #300 (artem-sidorenko)
- Run tests on the current fedora 37 and 38 #299 (artem-sidorenko)
- Testing on debian 10 and 11 #298 (artem-sidorenko)
- Testing on ubuntu 18.04 and 20.04 #297 (artem-sidorenko)
v4.1.2 (2023-06-06)
Merged pull requests:
- CI: run the test workflow also on the release branches #295 (artem-sidorenko)
v4.1.1 (2023-06-06)
Merged pull requests:
- Removing coveralls #293 (artem-sidorenko)
- CI: fix - we need three guard jobs #292 (artem-sidorenko)
v4.1.0 (2023-06-06)
Closed issues:
- Amazon Linux 2 Auditd fails to restart #270
- pwquality.conf defaults or suggested config #267
- Configuration conflict when using both chef-ssh-hardening and chef-os-hardening #264
- Chef warning when /bin/su is a symlink #262
- os-hardening::profile recipe creating pinerolo_profile.sh file with .old extension on each chef-client run #255
Merged pull requests:
- CI : release workflow with upload to supermarket #290 (artem-sidorenko)
- CI: supermarket upload workflow #289 (artem-sidorenko)
- CI: disable debian-9 dokken tests for now #288 (artem-sidorenko)
- CI: add spellchecking with codespell #287 (schurzi)
- CI: another catch-all job for runs on the main code #286 (artem-sidorenko)
- CI: tests on the real DO VMs #285 (artem-sidorenko)
- CI : Kitchen - vagrant and dokken tests #284 (artem-sidorenko)
- CI: Configure Renovate #283 (renovate[bot])
- CI: run dokken jobs #282 (artem-sidorenko)
- CI: run cookstyle #281 (artem-sidorenko)
- CI: setup cinc WS in the GH actions #280 (artem-sidorenko)
- Hardening of crontabs and directories #273 (mfortin)
- Amazon Linux 2 AuditD issue #271 (mfortin)
- expose pam_unix.so options to an attribute #268 (bcg62)
- Fix warning on managing /bin/su symlink #263 (sean-nixon)
- Initial (sans Arch) auditd management support. #260 (b-dean)
- CI: testing of Centos 8 #259 (artem-sidorenko)
- CI: testing of Debian 10 #258 (artem-sidorenko)
- Fix CI: run testing on Chef 14 and 15 #256 (artem-sidorenko)
v4.0.0 (2019-04-10)
Closed issues:
- Deprecated feature sysctl_param used #230
Merged pull requests:
- Update of metadata with supported distros #252 (artem-sidorenko)
- Removal of config disclaimer attribute #249 (artem-sidorenko)
- Docs: update of supported distros #247 (artem-sidorenko)
- Removal of fedora 27 as its EOL #246 (artem-sidorenko)
- Removal of Ubuntu 14.04 support #245 (artem-sidorenko)
- Removal of Debian 8 as its EOL #244 (artem-sidorenko)
- CI: improvements with handling of different chef versions #243 (artem-sidorenko)
- Updates of metadata and readme #242 (artem-sidorenko)
- Eliminating spacing for alligment #241 (artem-sidorenko)
- Update of rubocop to 0.65 #240 (artem-sidorenko)
- CI: Run unit tests on chef 14, update of some gems, small cleanup #239 (artem-sidorenko)
- Remove sysctl cookbook dependency and use new native sysctl resource #228 (josqu4red)
v3.2.1 (2019-03-07)
Fixed bugs:
- execute[update-pam] resource fails on Ubuntu 14.04 on Azure #237
- exec-shield incompatible with Oracle Linux UEK #234
Merged pull requests:
- Use full path for executing pam-auth-update #238 (sean-nixon)
- Do not apply exec-shield if running Oracle Linux with UEK - addresses #234 #235 (eyespies)
v3.2.0 (2019-01-16)
Closed issues:
- PAM config prevents launching of GDM on Fedora 27 #206
- Migration to the new major sysctl cookbook version #198
Merged pull requests:
- Update the CI settings - this fixes it again #231 (artem-sidorenko)
- Update issue templates #229 (rndmh3ro)
- Fix CI: pin cucumber 3 #227 (artem-sidorenko)
- Make the daemon umask configurable #226 (jaksi)
- Ubuntu 18.04 is supported #223 (frederikbosch)
- Fix Fedora EOL #221 (artem-sidorenko)
- Fix fedora EOL in the CI #220 (artem-sidorenko)
- Fixing debian-9 CI tests #219 (artem-sidorenko)
- Fedora 26 is EOL, replacing with 28 #218 (artem-sidorenko)
- added ability to use template cookbook for login.defs #217 (ekelson-bcove)
- allow setting uid/gid max by attribute #215 (mattlqx)
- Update kitchen config for more platforms #213 (tas50)
- Add pam_systemd.so to system-auth-ac #207 (avanier)
v3.1.0 (2018-05-16)
Fixed bugs:
- fix metadata #204 (chris-rock)
Closed issues:
- earlier version #205
- Make auditd recipe optional #200
- Dependency on pinned, old version of sysctl #192
- compat_resource deprecated #186
- Usage of azure as cloud provider for CI #183
Merged pull requests:
- Test with Foodcritic 13 #212 (tas50)
- Test on Ruby 2.4.4 #211 (tas50)
- use sysctl 1.0 #210 (dhohengassner)
- added mail_dir attribute and moved component attributes to attributes… #209 (ekelson-bcove)
- improve testing around amazon linux #202 (chris-rock)
- Container support and dokken tests in travis CI #199 (artem-sidorenko)
- Lazy pin the sysctl major version #197 (artem-sidorenko)
- Feature/allow setting template source #196 (eyespies)
- Unpin sysctl dependency #195 (artem-sidorenko)
- add basic support for amazon linux #194 (chris-rock)
- Fix fedora shadow permissions #190 (artem-sidorenko)
- Fedora 25 is EOL, replacing with 27 #189 (artem-sidorenko)
- Remove dependency on compat_resource #188 (bablakely)
v3.0.0 (2017-12-21)
Closed issues:
- os-10 from linux-baseline is missing #167
- Removal of core dump hardening configuration if core dumps are allowed #165
- Integration testing of this cookbook in the CI #142
- Selinux enforcing support for RHEL/Centos? #106
- If I "enable" core dumps with chef-os-hardening, am I really fully enabling core dumps? #105
Merged pull requests:
- Skip auditd tests #181 (artem-sidorenko)
- Make fedora tests pass #179 (shoekstra)
- Control ownership of /var/log #178 (shoekstra)
- RH family: adapt some settings, as RH has better defaults #177 (artem-sidorenko)
- Fix for fedora: lets use generic package resource #176 (artem-sidorenko)
- Kitchen: Using the same names for platforms for different drivers #175 (artem-sidorenko)
- Enable core dumps if they are enabled via attribute #174 (artem-sidorenko)
- Selinux enforcing support for RHEL/Centos #173 (AnMoeller)
- Kitchen: Update of testing boxes/images #172 (artem-sidorenko)
- Lets disable unused filesystems per default #169 (artem-sidorenko)
v2.1.1 (2017-08-21)
Closed issues:
- Cookbook fails on CentOS Linux release 7.2.1511 - kernel.exec-shield #166
Merged pull requests:
- Fix: do not touch exec-shield on RHEL 7 #168 (artem-sidorenko)
v2.1.0 (2017-06-12)
Closed issues:
- Testing of chef 13 in the CI #155
- auditd package is not installed #145
- Procps conditional failing #48
Merged pull requests:
- CI: update to ruby 2.4.1 and gem update #164 (artem-sidorenko)
- Proper testing if kernel modules are disabled #163 (artem-sidorenko)
- Proper permissions for shadow on debian family #162 (artem-sidorenko)
- Support auditd installation on different distros #161 (artem-sidorenko)
- Docs: fix the wrong kitchen URL and add inspec #160 (artem-sidorenko)
- Chef 13 and 12 CI testing and cleanup of EOL distros #159 (artem-sidorenko)
- Install auditd package #158 (artem-sidorenko)
v2.0.1 (2017-04-11)
Fixed bugs:
- ['os-hardening']['desktop']['enable'] is missing in 2.0.0 #153
Merged pull requests:
- Default value for ['os-hardening']['desktop']['enable'] #154 (artem-sidorenko)
v2.0.0 (2017-04-06)
Implemented enhancements:
- Remove dependencies to apt and yum cookbooks. #132 (artem-sidorenko)
- Using bracket syntax to resolve deprecation message #131 (artem-sidorenko)
- remove old content #126 (chris-rock)
- Own attribute namespace for os-hardening #114 (joshmyers)
Closed issues:
- pam_passwdqc package install idempotence #134
- Openhub is not up to date #129
- login.defs.erb contains a non-ASCII character which causes a knife cookbook upload failure #122
- fixing the 4 rspec failure #121
- pam node attribute namespace error #118
- Use travis for integration testing #115
- attributes need to be localized to the node['chef-os-hardening'] namespace #113
Merged pull requests:
- Docs: removing obsolete sysctl hint #151 (artem-sidorenko)
- Moving the attributes with dependencies on other attributes to the recipes #150 (artem-sidorenko)
- Cleanup of sysctl dependency #149 (artem-sidorenko)
- Disable entropy testing #146 (artem-sidorenko)
- Execute integration tests in DigitalOcean #144 (artem-sidorenko)
- Update of Gemfile #141 (artem-sidorenko)
- Remove dependencies to apt and yum cookbooks. #140 (artem-sidorenko)
- Update of kitchen vagrant file #139 (artem-sidorenko)
- Fix the version in metadata.rb #138 (artem-sidorenko)
- Cleanup, update of links in readme #137 (artem-sidorenko)
- Use caching to improve spec performance #136 (ncs-alane)
- Add attribute to control login.defs PASS_WARN_AGE #135 (ncs-alane)
- Revert "Remove dependencies to apt and yum cookbooks." #133 (artem-sidorenko)
- Update test-kitchen settings #130 (shortdudey123)
- Opscode => Chef #128 (shortdudey123)
- Update Rubocop, Foodcritic, and Chefspec coverage #127 (shortdudey123)
- Fix links to opensource tools in README #125 (netflash)
- FIX for issue #122 non-ASCII character #124 (atomic111)
- Update rhel_system_auth.erb #120 (phillym)
- [pam-attr-namespace-fix] #119 (rljohnsn)
- Use new InSpec integration tests #117 (chris-rock)
- Fix issues highlighted in #114 #116 (chris-rock)
v1.4.1 (2016-05-29)
Implemented enhancements:
- Update changelog #103 (chris-rock)
- added inspec to gemfile and inspec verifier to kitchen.yml #101 (atomic111)
Closed issues:
- pam recipe failing with chef client > 12.8.1 #112
- pam_passwdqc installation fails on CentOS 7.1 #102
- tests fail in travis #94
- Fails when used in conjunction with openldap::auth recipe #91
- packages with known issues are not actually removed on debian/ubuntu #90
- Actually log martians? #89
- Archlinux doesn't have a limits.d directory by default #84
- Support Centos 7 #79
Merged pull requests:
- Pam options and fixes #111 (foonix)
- Enable martian logging for ipv4 #109 (foonix)
- Initial support for CentOS/RHEL 5 #108 (foonix)
- Enable pam_pwquality in rhel-family > 7 #104 (boldandbusted)
- Fix bug in execute[update-pam] resource in newer version of Chef. #100 (patcon)
- Expose list of packages to remove as an attribute #99 (mikemoate)
- Fix pam_passwdqc template #98 (chris-rock)
- Berkshelf 4 Upgrade and Ruby 1.9.3 drop #96 (chris-rock)
- Remove packages with known issues on debian/ubuntu #93 (mikemoate)
- Add SINGLE and PROMPT parameters. #92 (foonix)
- update common kitchen.yml platforms #87 (chris-rock)
- Allow sys uid min/max and sys gid min/max to be configured #86 (joshgarnett)
- fixes #84 #85 (chris-rock)
v1.3.1 (2015-07-04)
Closed issues:
- 1.3.0 release on supermarket is broken #83
v1.3.0 (2015-06-29)
Closed issues:
- possible incompatibility with Chef client release 12.4 #82
- ERROR: No resource or method named `File' for `Chef::Recipe "sysctl"' #80
- update tutorial.md #67
- Installation doesn't work #66
Merged pull requests:
- Update sysctl.rb #81 (Rockstar04)
- feature: implement ipv6 router advertisement settings #78 (chris-rock)
- update common Gemfile for chef11+12 #77 (arlimus)
- common files: centos7 + rubocop #76 (arlimus)
- update common kitchen.yml platforms #75 (arlimus)
- update common readme badges #74 (arlimus)
- fix SUID/SGID bit cleaning API spelling #72 (dupuy)
- RHN config check should work #71 (rapenchukd)
- update tutorial #68 (chris-rock)
v1.2.0 (2015-01-08)
Fixed bugs:
- Chef::Exceptions::Exec: yum_package[xinetd] (os-hardening::yum line 50) #57
Closed issues:
- deactivate pw_max_age #58
- can't convert String into Integer for package 'pam-ccreds' #54
- Better error handling for cpu detection #42
- ChefSpec and Ohai/Fauxhai: cpu #41
Merged pull requests:
- updating common files #65 (arlimus)
- Idempotency #64 (rmoriz)
- Badges #63 (chris-rock)
- make uid_min and gid_min of login.defs configurable #62 (bkw)
- standalone installation needs ohai cookbook as dep #61 (aschmidt75)
- updating common files #59 (arlimus)
- fix chefspec depreciation warning about should #56 (bkw)
- improve cpu detection and implement intel fallback #55 (chris-rock)
- updating common files #53 (arlimus)
- chefspec test for limites #52 (chris-rock)
- Introduce Chef Spec #51 (chris-rock)
- improvement: switch to site location in berkshelf #50 (chris-rock)
- bugfix: fix failing conditional for procps #49 (arlimus)
- Drop procps service #47 (bkw)
v1.1.2 (2014-09-08)
Closed issues:
- sysctl dependency #44
Merged pull requests:
- Sysctl update to 0.6.0 #46 (arlimus)
- Lint #43 (chris-rock)
- add more documentation about test run #40 (chris-rock)
v1.1.1 (2014-07-28)
v1.1.0 (2014-07-28)
Implemented enhancements:
- Conservative package update #10
Closed issues:
- Tagged Release #34
- passwordless users not able to log in #32
- remove ntp #19
- Tests for suid bits #15
- forwarding isn't configured #9
- properly handle sysctl again #8
- enforce security updates #7
- enable_sysrq-check is faulty #6
- Validate suid-bit removal from /bin/screen #5
Merged pull requests:
- updated kitchen images to current batch (mysql-equivalent) #39 (arlimus)
- intend fix #38 (chris-rock)
- fix wrong class definition #37 (arlimus)
- add common lint task. fix issues #35 (ehaselwanter)
- update with common run_all_linters task #33 (ehaselwanter)
- add Gemfile.lock to ignore list and remove it from tree #31 (ehaselwanter)
- streamline .rubocop config #30 (ehaselwanter)
- bugfix: make sysctl arp restrictions apply to all #29 (arlimus)
- Lint #28 (chris-rock)
- various rubocop style fixes #27 (ehaselwanter)
- fix FC019: Access node attributes in a consistent manner, use single quotes #26 (ehaselwanter)
- make kitchen run optional, ignore shred test repo #25 (ehaselwanter)
- changed the log_martians value to 0 in attributes/sysctl.rb #24 (atomic111)
- improvement: clarify SUID/SGID options in readme #23 (arlimus)
- be more forgiving and relax rubocop #22 (ehaselwanter)
- add linting, spec, guard infrastructure as well as config files #21 (ehaselwanter)
- remove ntp #20 (arlimus)
- new gem release for sharing just the integration folder #18 (ehaselwanter)
- Use shared test-repo #17 (ehaselwanter)
- improvement: move /usr/bin/screen to SGID whitelisting #14 (arlimus)
- Packages #12 (chris-rock)
- sysctl fixes #11 (arlimus)
- Contributing guide #4 (arlimus)
- Bugfix: broken link for debian wheezy vagrant box in .kitchen.yml and also broken link for NSA RedHat security guide in README.md #3 (atomic111)
- add license and improve styling #2 (chris-rock)
- Fix: markdown fix in TUTORIAL.md #1 (atomic111)
* This Changelog was automatically generated by github_changelog_generator