New Ansible os-, ssh- and mysql-hardening releases

Sebastian Gumprich, 23 April 2017

Hey friends,

We released new versions of ansible-os-hardening, ansible-ssh-hardening and ansible-mysql-hardening!

These releases are important to us in multiple ways:

As always, they provide new features and configuration possibilities for you to use! More on that below.

Complete tests in TravisCI

Furthermore, we now leverage the full possibilities of TravisCI for the os-hardening, ssh-hardening and mysql-hardening roles. This means that all supported operating systems are now tested and verified online. For that, we use customized Docker images that have Ansible pre-installed, as well as our InSpec tests to verify the roles!

However, some operating systems are still missing for mysql-hardening because we’re facing some issues that will hopefully be resolved soon!

We’re always looking for help! Join us on GitHub or in the Gitter chatroom.

Breaking Changes

One more important thing to note is the set of breaking changes.

All roles

We removed support for Ansible 1.9 in all three roles, so we can leverage the new modules and functions of Ansible 2.0!

ssh-hardening

{% for port in ssh_client_ports -%}
Port {{port}}
{% endfor %}

Port {{ ssh_client_port }}

# one or more hosts, to which ssh-client can connect to.
# Default is empty, but should be configured for security reasons!
ssh_remote_hosts: []           # ssh

# Hosts with custom options.            # ssh
# Example:
# ssh_remote_hosts:
#   - names: ['example.com', 'example2.com']
#     options: ['Port 2222', 'ForwardAgent yes']
#   - names: ['example3.com']
#     options: ['StrictHostKeyChecking no']
ssh_remote_hosts: []

mysql-hardening

Improvements

Of course we were productive in fixing bugs, improving the code and adding more features. All with the help of our awesome contributors!

os-hardening

Full Changelog

ssh-hardening

Full Changelog

mysql-hardening

Full Changelog

You can follow us on Twitter.

Thanks and have a nice and secure day!

Sebastian