These releases are important to us in multiple ways:
As always, they provide new features and configuration possibilities for you to use! More on that below.
Complete tests in TravisCI
Furthermore, we now leverage the full possibilities of TravisCI for the os-hardening, ssh-hardening and mysql-hardening roles. This means that all supported operating systems are now tested and verified online. For that, we use customized Docker images that have Ansible pre-installed, as well as our InSpec tests to verify the roles!
However, some operating systems are still missing for mysql-hardening because we’re facing some issues that will hopefully be resolved soon!
One more important thing to note is the breaking changes.
We removed support for Ansible 1.9 in all three roles, so we can leverage the new modules and functions of Ansible 2.0!
- Change the ssh_client_ports list variable into a simple non-list variable named ssh_client_port. #84 (fullyint)
- Renamed variables in #22 (agno01) and #26
- mysql_cnf_owner as variable for owner of configuration files
- set default value of mysql_hardening_mysql_conf_dir variable for RedHat, OracleLinux, Debian
- changed default hardcoded full path in mysql_hardening_hardening_conf var to be based on
- Use different Hostkeys according to installed ssh version #99 (rndmh3ro)
- Remove small dh primes #97 (rndmh3ro)
- Add Ed25519 SSH host key to match ssh-baseline #96 (techraf)
- Add support for FreeBSD OpenSSH server and client #95 (jbenden)
- Defaults: Remove DSA from SSH host keys to match ssh-baseline profile #92 (techraf)
- Make ChallengeResponseAuthentication configurable #85 (rndmh3ro)
- Add CentOS7 with MariaDB support #27 (chrispoupart)
- Add follow=yes to my.cnf protect task, in case it's a symlink. #21 (rndmh3ro)
You can follow us on Twitter.
Thanks and have a nice and secure day!