From 7b48cef88fc2b0370f3f04eefe89729592ccbc3b Mon Sep 17 00:00:00 2001
From: Mahdi Abbasi
Date: Fri, 23 Dec 2022 17:30:30 +0330
Subject: [PATCH 1/5] Fix bug related to issue #537
Signed-off-by: Mahdi Abbasi
---
 roles/os_hardening/tasks/hardening.yml | 1 -
 roles/os_hardening/tasks/selinux.yml | 5 +++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/roles/os_hardening/tasks/hardening.yml b/roles/os_hardening/tasks/hardening.yml
index ec77a7f29..99a804e13 100644
--- a/roles/os_hardening/tasks/hardening.yml
+++ b/roles/os_hardening/tasks/hardening.yml
@@ -115,5 +115,4 @@
 import_tasks: selinux.yml
 tags: selinux
 when:
- - ansible_facts.selinux.status == 'enabled'
 - os_selinux_enabled | bool
diff --git a/roles/os_hardening/tasks/selinux.yml b/roles/os_hardening/tasks/selinux.yml
index b1539d048..baccf381a 100644
--- a/roles/os_hardening/tasks/selinux.yml
+++ b/roles/os_hardening/tasks/selinux.yml
@@ -1,5 +1,10 @@
 ---
+- name: Gather the package facts
+ package_facts:
+ manager: auto
+
 - name: Configure selinux | selinux-01
 selinux:
 policy: "{{ os_selinux_policy }}"
 state: "{{ os_selinux_state }}"
+ when: "'libselinux' in ansible_facts.packages"
From aa095c4f598caa3146cd5c89bb54f7c6f10ecbad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 24 Dec 2022 10:28:54 +0100
Subject: [PATCH 2/5] Bump actions/setup-python from 1 to 4 (#611)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 1 to 4. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v1...v4) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ...
Signed-off-by: dependabot[bot]
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
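Review bot: The new `when: "'libselinux' in ansible_facts.packages"` on "Configure selinux | selinux-01" turns a missing package into a silent skip, so a host with `os_selinux_enabled` set can complete the role without the SELinux policy or state being applied and nothing in the run output says so. For a hardening control it is safer to fail, or at least report, when the prerequisite is absent, for example by preceding the task with an `ansible.builtin.assert` on the same expression and a `fail_msg` that names the missing package. The literal name `libselinux` also looks RPM-specific (Debian-family systems appear to ship the library as `libselinux1`; confirm against the supported platforms), and PATCH 4/5 extends the same gate with further fixed names. Because the hardening.yml hunk of this commit removes the `ansible_facts.selinux.status == 'enabled'` guard, this package test is now the only condition besides `os_selinux_enabled`.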
Signed-off-by: Mahdi Abbasi
---
 .github/workflows/mysql_hardening.yml | 2 +-
 .github/workflows/nginx_hardening.yml | 2 +-
 .github/workflows/os_hardening.yml | 2 +-
 .github/workflows/ssh_hardening.yml | 2 +-
 .github/workflows/ssh_hardening_custom_tests.yml | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/mysql_hardening.yml b/.github/workflows/mysql_hardening.yml
index 31f783df4..85bddcc98 100644
--- a/.github/workflows/mysql_hardening.yml
+++ b/.github/workflows/mysql_hardening.yml
@@ -47,7 +47,7 @@ jobs:
 submodules: true
 - name: Set up Python 3.7
- uses: actions/setup-python@v1
+ uses: actions/setup-python@v4
 with:
 python-version: 3.7
diff --git a/.github/workflows/nginx_hardening.yml b/.github/workflows/nginx_hardening.yml
index ecaa59c0a..a17cf1cdd 100644
--- a/.github/workflows/nginx_hardening.yml
+++ b/.github/workflows/nginx_hardening.yml
@@ -46,7 +46,7 @@ jobs:
 submodules: true
 - name: Set up Python 3.7
- uses: actions/setup-python@v1
+ uses: actions/setup-python@v4
 with:
 python-version: 3.7
diff --git a/.github/workflows/os_hardening.yml b/.github/workflows/os_hardening.yml
index f4545cb4a..cf8aa6ef0 100644
--- a/.github/workflows/os_hardening.yml
+++ b/.github/workflows/os_hardening.yml
@@ -45,7 +45,7 @@ jobs:
 submodules: true
 - name: Set up Python 3.7
- uses: actions/setup-python@v1
+ uses: actions/setup-python@v4
 with:
 python-version: 3.7
diff --git a/.github/workflows/ssh_hardening.yml b/.github/workflows/ssh_hardening.yml
index 2e5e6b81e..9f618fa74 100644
--- a/.github/workflows/ssh_hardening.yml
+++ b/.github/workflows/ssh_hardening.yml
@@ -46,7 +46,7 @@ jobs:
 submodules: true
 - name: Set up Python 3.7
- uses: actions/setup-python@v1
+ uses: actions/setup-python@v4
 with:
 python-version: 3.7
diff --git a/.github/workflows/ssh_hardening_custom_tests.yml b/.github/workflows/ssh_hardening_custom_tests.yml
index 45a3e3a52..3b1a4ebcb 100644
--- a/.github/workflows/ssh_hardening_custom_tests.yml
+++ b/.github/workflows/ssh_hardening_custom_tests.yml
@@ -46,7 +46,7 @@ jobs:
 submodules: true
 - name: Set up Python 3.7
- uses: actions/setup-python@v1
+ uses: actions/setup-python@v4
 with:
 python-version: 3.7
From b6d1b2c433a08368e29a74b44cc26576a98083a0 Mon Sep 17 00:00:00 2001
From: dev-sec CI
Date: Sat, 24 Dec 2022 09:43:18 +0000
Subject: [PATCH 3/5] update changelog
Signed-off-by: Mahdi Abbasi
---
 CHANGELOG.md | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0091c25f2..6977b0728 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Changelog
+## [9.0.0](https://github.com/dev-sec/ansible-collection-hardening/tree/9.0.0) (2022-12-24)
+
+[Full Changelog](https://github.com/dev-sec/ansible-collection-hardening/compare/8.4.0...9.0.0)
+
+**Merged pull requests:**
+
+- Bump actions/setup-python from 1 to 4 [\#611](https://github.com/dev-sec/ansible-collection-hardening/pull/611) [[mysql_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/mysql_hardening)] [[os_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/os_hardening)] [[ssh_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/ssh_hardening)] [[nginx_hardening](https://github.com/dev-sec/ansible-collection-hardening/labels/nginx_hardening)] ([dependabot[bot]](https://github.com/apps/dependabot))
+- Bump creyD/prettier\_action from 3.1 to 4.2 [\#610](https://github.com/dev-sec/ansible-collection-hardening/pull/610) ([dependabot[bot]](https://github.com/apps/dependabot))
+
 ## [8.4.0](https://github.com/dev-sec/ansible-collection-hardening/tree/8.4.0) (2022-12-17)
 [Full Changelog](https://github.com/dev-sec/ansible-collection-hardening/compare/8.3.0...8.4.0)
From 4774c0bbf5d377d12198d4af379a63731071d3e4 Mon Sep 17 00:00:00 2001
From: Mahdi Abbasi
Date: Sat, 24 Dec 2022 20:14:48 +0330
Subject: [PATCH 4/5] Resolve the condition issue for SELinux
Signed-off-by: Mahdi Abbasi
---
 roles/os_hardening/tasks/selinux.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/roles/os_hardening/tasks/selinux.yml b/roles/os_hardening/tasks/selinux.yml
index baccf381a..3ea028fdc 100644
--- a/roles/os_hardening/tasks/selinux.yml
+++ b/roles/os_hardening/tasks/selinux.yml
@@ -7,4 +7,7 @@
 selinux:
 policy: "{{ os_selinux_policy }}"
 state: "{{ os_selinux_state }}"
- when: "'libselinux' in ansible_facts.packages"
+ when:
+ - "'libselinux' in ansible_facts.packages"
+ - "'libselinux-python' in ansible_facts.packages"
+ - "'policycoreutils-python' in ansible_facts.packages"
From 9c145322e5689f0d6e87527b4e612dde40108d78 Mon Sep 17 00:00:00 2001
From: Mahdi Abbasi
Date: Thu, 29 Dec 2022 20:28:39 +0330
Subject: [PATCH 5/5] Fix the issue for openSUSE in SELinux
Signed-off-by: Mahdi Abbasi
---
 roles/os_hardening/tasks/selinux.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/roles/os_hardening/tasks/selinux.yml b/roles/os_hardening/tasks/selinux.yml
index 3ea028fdc..05af16d10 100644
--- a/roles/os_hardening/tasks/selinux.yml
+++ b/roles/os_hardening/tasks/selinux.yml
@@ -1,4 +1,11 @@
 ---
+- name: Install python310-rpm | openSUSE
+ zypper:
+ name: python310-rpm
+ state: present
+ update_cache: true
+ when: ansible_facts.os_family == 'Suse'
+
 - name: Gather the package facts
 package_facts:
 manager: auto
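Review bot: The three entries added under `when:` are AND-ed, and `libselinux-python` and `policycoreutils-python` look like the Python 2-era RPM names. Newer RHEL-family releases package these bindings, as far as I know, as `python3-libselinux` and `policycoreutils-python-utils`, so on those hosts the condition would be false and "Configure selinux | selinux-01" would never run. Rather than fixed names in the task, hold the required packages in a per-distribution role variable and test that every name in that list is a key of `ansible_facts.packages`. The task's `name:` line sits just above the hunk and is not shown.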
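Review bot: `python310-rpm` in the new "Install python310-rpm | openSUSE" task ties the fix to one Python minor version. `package_facts` needs the rpm binding for whichever interpreter Ansible uses on the target, so on a SUSE host running a different Python this install may not help, or may fail if the package is not in the enabled repositories. The task also runs for every host with `os_family == 'Suse'` that reaches selinux.yml and adds a package plus a repository refresh (`update_cache: true`) as a side effect of a hardening role. Making the package name a role variable and mentioning the install in the role documentation would make that footprint explicit. The module is referenced by its short name `zypper`; `community.general.zypper` would state which collection supplies it.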