update supported OS in meta and fix linting (#572)

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

.github/workflows/ansible-lint.yml

@@ -15,43 +15,4 @@ jobs:
         # replace "master" with any valid ref
         uses: ansible/ansible-lint-action@main
         with:
-          # [required]
-          # Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
-          # or valid Ansible directories according to the Ansible role
-          # directory structure.
-          # If you want to lint multiple ansible files, use the following syntax
-          # targets: |
-          #   playbook_1.yml
-          #   playbook_2.yml
-          targets: "roles/"
-          # [optional]
-          # Arguments to override a package and its version to be set explicitly.
-          # Must follow the example syntax.
-          # override-deps: |
-          #   ansible==2.9
-          #   ansible-lint==4.2.0
-          override-deps: |
-            rich>=9.5.1,<11.0.0
-          # [optional]
-          # Arguments to be passed to the ansible-lint
-
-          # Options:
-          #   -q                    quieter, although not silent output
-          #   -p                    parseable output in the format of pep8
-          #   --parseable-severity  parseable output including severity of rule
-          #   -r RULESDIR           specify one or more rules directories using one or
-          #                         more -r arguments. Any -r flags override the default
-          #                         rules in ansiblelint/rules, unless -R is also used.
-          #   -R                    Use default rules in ansiblelint/rules in addition to
-          #                         any extra
-          #                         rules directories specified with -r. There is no need
-          #                         to specify this if no -r flags are used
-          #   -t TAGS               only check rules whose id/tags match these values
-          #   -x SKIP_LIST          only check rules whose id/tags do not match these
-          #                         values
-          #   --nocolor             disable colored output
-          #   --exclude=EXCLUDE_PATHS
-          #                         path to directories or files to skip. This option is
-          #                         repeatable.
-          #   -c C                  Specify configuration file to use. Defaults to ".ansible-lint"
-          args: ""
+          path: "roles/"

galaxy.yml

@@ -1,3 +1,4 @@
+---
 namespace: devsec
 name: hardening
 version: 8.0.0

roles/mysql_hardening/meta/main.yml

@@ -8,15 +8,17 @@ galaxy_info:
   platforms:
     - name: EL
       versions:
-        - 6
-        - 7
+        - "7"
+        - "8"
     - name: Ubuntu
       versions:
-        - xenial
         - bionic
+        - focal
+        - jammy
     - name: Debian
       versions:
-        - jessie
+        - bullseye
+        - buster
     - name: Amazon
     - name: Fedora
   galaxy_tags:

roles/nginx_hardening/meta/main.yml

@@ -8,15 +8,15 @@ galaxy_info:
   platforms:
     - name: EL
       versions:
-        - 6
-        - 7
+        - "7"
+        - "8"
     - name: Ubuntu
       versions:
-        - xenial
         - bionic
+        - focal
+        - jammy
     - name: Debian
       versions:
-        - stretch
         - buster
         - bullseye
   galaxy_tags:

roles/os_hardening/meta/main.yml

@@ -8,22 +8,22 @@ galaxy_info:
   platforms:
     - name: EL
       versions:
-        - 7
-        - 8
+        - "7"
+        - "8"
     - name: Ubuntu
       versions:
-        - xenial
         - bionic
+        - focal
+        - jammy
     - name: Debian
       versions:
-        - stretch
         - buster
         - bullseye
     - name: Amazon
     - name: Fedora
-    - name: Archlinux
+    - name: ArchLinux
     - name: SmartOS
-    - name: openSUSE
+    - name: opensuse
   galaxy_tags:
     - system
     - security

roles/os_hardening/tasks/minimize_access.yml

@@ -6,7 +6,7 @@
 # also see: https://github.com/dev-sec/ansible-os-hardening/issues/219
 - name: Find files with write-permissions for group
   shell: "find -L {{ item }} -perm /go+w -type f"  # noqa command-instead-of-shell
-  with_flattened:
+  with_community.general.flattened:
     - '/usr/local/sbin'
     - '/usr/local/bin'
     - '/usr/sbin'

roles/os_hardening/tasks/rhosts.yml

@@ -15,4 +15,3 @@
   file:
     dest: '/etc/hosts.equiv'
     state: 'absent'
-

roles/os_hardening/tasks/suid_sgid.yml

@@ -6,7 +6,7 @@
     state: 'file'
     follow: 'yes'
   failed_when: false
-  with_flattened:
+  with_community.general.flattened:
     - '{{ os_security_suid_sgid_system_blacklist }}'
     - '{{ os_security_suid_sgid_blacklist }}'
 
@@ -27,6 +27,6 @@
     mode: 'a-s'
     state: 'file'
     follow: 'yes'
-  with_flattened:
+  with_community.general.flattened:
     - '{{ suid | default([]) | difference(os_security_suid_sgid_whitelist) }}'
   when: os_security_suid_sgid_remove_from_unknown | bool

roles/os_hardening/tasks/user_accounts.yml

@@ -43,7 +43,7 @@
     shell: '{{ os_nologin_shell_path }}'
     password: '*'
     createhome: false
-  with_flattened:
+  with_community.general.flattened:
     - '{{ sys_accs_cond | default([]) | difference(os_ignore_users) | list }}'
 
 - name: get all home directories in /home, but skip ignored users

roles/ssh_hardening/meta/main.yml

@@ -8,21 +8,22 @@ galaxy_info:
   platforms:
     - name: EL
       versions:
-        - 7
-        - 8
+        - "7"
+        - "8"
     - name: Ubuntu
       versions:
-        - xenial
         - bionic
+        - focal
+        - jammy
     - name: Debian
       versions:
-        - stretch
         - buster
+        - bullseye
     - name: Amazon
     - name: Fedora
-    - name: Archlinux
+    - name: ArchLinux
     - name: SmartOS
-    - name: openSUSE
+    - name: opensuse
   galaxy_tags:
     - system
     - security