CHANGELOG.md

Changelog

Changelog generator still broken, sorry

Changes in v2.3.3

  • fix CI: use docker driver for transferring files (#290)
  • Disable new check 'os-14' for automated testing (#291)
  • Restore ability to override /etc/shadow file permissions and group owner (#293)
  • move to CentOS 8 Stream from quay.io (#295)
  • fix(pam_passwdqc): remove accidental paste from pam_passwdqc.erb (#299)

Changes in v2.3.2

  • Backwards incompatible breaking change in PR279 #284
  • Backwards incompatible breaking change in PR279 (#284) #285 (earthgecko)

v2.3.2 (2021-07-22)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Backwards incompatible breaking change in PR279 #284
  • Backwards incompatible breaking change in PR279 (#284) #285 (earthgecko)
  • Activate manage_cron_permissions to satisfy cron tests #269 (mcgege)
  • Solve bundle problem on automated tests #268 (mcgege)
  • add source for chef-utils gem (bundle confusion) #265 (mcgege)
  • Revert "secure_redirects should be set to 1 (default)" #260 (mcgege)
  • Switch to Inspec 4 to break bundler loop #257 (mcgege)

Merged pull requests:

2.3.1 (2021-07-19)

Full Changelog

Implemented enhancements:

  • Add support for Puppet 7 #267
  • allow defining parameters in hiera #248
  • Add integration tests for current platforms #172

Closed issues:

  • New warning - max_files - exceeds the default soft limit 1000 #279
  • enable_log_martians to false are logged #277
  • Dead links result in an error #271
  • Duplicate declaration #270
  • Using relative file modes can result very wrong in some cases #222

2.3.0 (2021-02-10)

Full Changelog

Implemented enhancements:

  • Use CINC (instead of InSpec 4) #212

Fixed bugs:

  • Fix Travis tests #255

Closed issues:

  • Fix broken tests in Travis CI #123

2.2.11 (2021-01-27)

Full Changelog

Closed issues:

  • Default $arp_restricted=true breaks Calico overlay network #254

2.2.10 (2020-12-28)

Full Changelog

Closed issues:

  • os_hardening failing on centos7 #241

2.2.9 (2020-12-03)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Fix for integration tests (apt-transport-https missing) #237 (mcgege)
  • Travis-CI fix (kitchen / faraday broken?) #228 (mcgege)
  • Augeas sysctl needs explicit string value #207 (mcgege)
  • Add dirs to exclude to .pdkignore #196 (mcgege)
  • Add missing dependency #184 (theosotr)

Merged pull requests:

2.2.8 (2020-06-01)

Full Changelog

Fixed bugs:

  • Minimize_access to File [/usr/bin] issue #234

Closed issues:

  • Conflicts with apache module #231

2.2.7 (2019-10-04)

Full Changelog

Closed issues:

  • disabled_services should be stopped too #224
  • os_hardening::minimize_access should treat anacrontab the same as crontab #223

2.2.6 (2019-07-24)

Full Changelog

Fixed bugs:

  • Approve stdlib v6 + resolve librarian-puppet problem #213

Closed issues:

  • Error: no implicit conversion of Integer into String #199

2.2.5 (2019-06-01)

Full Changelog

2.2.4 (2019-05-01)

Full Changelog

2.2.3 (2019-05-01)

Full Changelog

2.2.2 (2019-02-28)

Full Changelog

Fixed bugs:

  • Wrong permission on module files #175

2.2.1 (2019-01-28)

Full Changelog

2.2.0 (2019-01-27)

Full Changelog

Implemented enhancements:

Fixed bugs:

  • Rhel 7 won't boot on physical server #165

Closed issues:

  • Wrong permission on git project files ? #164
  • module on the forge is not in sync with version of github #160
  • Fix broken tests in Travis CI #123

2.1.3 (2018-11-12)

Full Changelog

Closed issues:

  • user resource conflict with puppetlabs/apache: Duplicate declaration: User[www-data] is already declared #157
  • Missing comments in managed file : file managed by puppet #146
  • Missing requirements in readme file #145

2.1.2 (2018-08-15)

Full Changelog

Implemented enhancements:

  • Deploy GRUB hardening #137 (timstoop)
  • Only allow root and members of group wheel to use su #134 (timstoop)
  • Fix permissions on /etc/gshadow, based on CIS DIL Benchmark 6.1.5. #133 (timstoop)

Merged pull requests:

  • Add stricter file permissions + PE fix #136 (mcgege)

2.1.1 (2018-05-17)

Full Changelog

Implemented enhancements:

Closed issues:

  • net.ipv4.tcp_rfc1337 not a valid sysctl key #124

Merged pull requests:

2.1.0 (2018-01-17)

Full Changelog

Implemented enhancements:

  • Use type checking by defining data types #114 (mcgege)
  • Make parameter USERGROUPS_ENAB in login.defs configurable #113 (mcgege)

Fixed bugs:

  • Limit recursive file/directory check #116 (mcgege)

Closed issues:

  • Minimize access needs a better way of removing +w on system folders #60
  • login.defs for different OS #57
  • Adduser consistency #49
  • Cleanup headers / copyright #111
  • Update some RH settings in this module #102

Merged pull requests:

2.0.0 (2017-12-19)

Full Changelog

Closed issues:

  • SLES and OEL errors when ipv6 is disabled #82
  • Failed to generate additional resources #75
  • Multiple conflicts with Puppet Enterprise #74
  • Conflict with Puppet Enterprise 2016.1.1 #71
  • allow_core_dump set to true still ends up setting /etc/security/limits.d/10.hardcore.conf and /etc/profile.d/pinerolo_profile.sh files #68
  • IPv6 setting problem #67
  • Log martian packets #66
  • Merge #64 #65
  • net.ipv6.conf.default.accept_ra #56
  • Publish new release on Puppet Forge #104

Merged pull requests:

  • Update links + contributors in README #108 (mcgege)
  • Avoid picking up users retrieved from SSSD or other domain services. #101 (tprobinson)
  • Implement linux-baseline os-10 #100 (mcgege)
  • Style Guide corrections #98 (mcgege)
  • Update module metadata #97 (mcgege)
  • Baseline sysctl-17: Enable logging of martian packets #96 (mcgege)
  • One single coredump parameter #95 (mcgege)
  • Fix for Linux Baseline os-02 #94 (mcgege)
  • Baseline os-05b: set SYS_[GU]ID_[MIN|MAX] in /etc/login.defs #92 (mcgege)
  • Remove config/scripts to prevent core dumps if function is disabled… #91 (mcgege)
  • DevSec Linux Baseline os-05 #90 (mcgege)
  • Corrected handling of /bin/su (via allow_change_user) #89 (mcgege)
  • Documentation update #88 (mcgege)
  • added switch manage_ipv6, so people could disable managing of ipv6 co… #87 (STetzel)
  • CentOS7 issue - revert "Remove link following in minimize_access file resource" #86 (mcgege)
  • Making rubocop happy #85 (artem-sidorenko)
  • Make the sysctl setting 'rp_filter' configurable #84 (mcgege)
  • Quick fix for issue #71: remove '/usr/local/bin' from managed folders #83 (mcgege)
  • Puppet-lint done for sysctl.pp #81 (bitvijays)
  • Fix the CI #80 (artem-sidorenko)
  • Adopt Puppet style guide - remove dynamic variable lookup #70 (tuxmea)
  • Remove link following in minimize_access file resource #64 (rooprob)
  • update common kitchen.yml platforms #63 (chris-rock)
  • add support for limiting password re-use. #61 (igoraj)
  • add local testing section to readme #59 (chris-rock)
  • add net.ipv6.conf.default.accept_ra. closes #56 #58 (igoraj)
  • Disable System Accounts #54 (igoraj)
  • common files: add centos 7 #53 (arlimus)
  • Prepare module for v2.0.0 #109 (mcgege)

1.1.2 (2015-05-09)

Full Changelog

Merged pull requests:

  • Update common readme badges + contributors + rubocop #52 (arlimus)
  • update common travis.yml, kitchen.yml platforms #51 (arlimus)
  • bugfix: use scoped resource for puppet 4 #50 (arlimus)

OLD Changelog

1.1.2

  • bugfix: ruby1.8+puppet+rspec interplay
  • bugfix: use scoped resource for puppet 4

1.1.1

  • feature: add stack protection configuration via sysctl (enabled)
  • bugfix: replace non-ascii char in login.defs
  • bugfix: follow links for RHEL7 /bin and /sbin
  • bugfix: fixed tty newlines
  • bugfix: minor log typos

1.1.0

API-change: renamed module to hardening-os_hardening

  • improvement: linting

1.0.2

  • improvement: only run 'update-pam' when needed

1.0.1

  • bugfix: add missing colon for user-defined paths in PATH env
  • adjust login.defs template to not log user logins (as per Debian defaults)

1.0.0

  • add verified support for puppet 3.6, remove support for puppet 3.0 and 3.4
  • improvement: streamlined rubocop and puppet-lint
  • improvement: remove stdlib fixed version dependency
  • improvement: loosened thias/sysctl dependency
  • bugfix: get puppet version in gemfile from ENV: PUPPET_VERSION

0.1.3

API-change: dry_run_on_unkown is now dry_run_on_unknown

  • feature: allow configuration of custom modules (if module loading is disabled)
  • improvement: only remove SUID/SGID if necessary
  • improvement: clarify SUID/SGID options
  • improvement: use thias/sysctl to configure sysctls (also fixes previous bugs with the template)
  • improvement: add spec tests for sysctl options
  • improvement: puppet-lint everything
  • improvement: add travis testing for lint+specs
  • improvement: use file resource instead of exec for access minimization
  • bugfix: fix typo dry_run_on_unkown -> dry_run_on_unknown
  • bugfix: don't run update initramfs on each run, only when required
  • bugfix: deactivation of kernel module loading wasn't implemented
  • bugfix: ip_forwarding wasn't activated correctly

0.1.2

  • feature: add additional ipv6 hardening to sysctl
  • feature: add test kitchen
  • improvement: remove unnecessary attributes from os_hardening::pam
  • bugfix: remove cracklib if passwdqc is used

0.1.1

  • feature: add configurable system environment
  • feature: remove suid/sgid bits from blacklist
  • feature: remove suid/sgid bits from unknown files

0.1.0

  • port from chef-os-hardening and monolithic puppet implementation

* This Changelog was automatically generated by github_changelog_generator