Merge pull request #217 from dev-sec/remove_eol_os

remove eol'd OS and add new
dev-sec · Apr 29, 2019 · 3b50d92 · 3b50d92
2 parents 2b037fc + 1455b6e
commit 3b50d92
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 53 deletions.
diff --git a/.kitchen.vagrant.yml b/.kitchen.vagrant.yml
@@ -24,39 +24,30 @@ transport:
   max_ssh_sessions: 5
 
 platforms:
-- name: ubuntu14.04
+- name: ubuntu-16.04
   driver_config:
-    box: opscode-ubuntu-14.04
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-14.04_chef-provisionerless.box
-- name: ubuntu16.04
+    box: bento/ubuntu-16.04
+- name: ubuntu-18.04
   driver_config:
-    box: opscode-ubuntu-16.04
-    box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_ubuntu-16.04_chef-provisionerless.box
-- name: ubuntu18.04
+    box: bento/ubuntu-18.04
+- name: centos-6
   driver_config:
-    box: ubuntu/bionic64
-- name: centos6
+    box: bento/centos-6.7
+- name: centos-7
   driver_config:
-    box: bento/centos-6.9
-- name: centos7
+    box: bento/centos-7
+- name: oracle-6
   driver_config:
-    box: bento/centos-7.3
-- name: oracle6
+    box: bento/oracle-6
+- name: oracle-7
   driver_config:
-    box: oracle-6.5
-    box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box
-- name: oracle7
+    box: bento/oracle-7
+- name: debian-9
   driver_config:
-    box: boxcutter/ol72
-- name: debian7
+    box: bento/debian-9
+- name: amazon
   driver_config:
-    box: bento/debian-7.11
-- name: debian8
-  driver_config:
-    box: bento/debian-8.8
-- name: debian9
-  driver_config:
-    box: bento/debian-9.0
+    box: bento/amazonlinux-2
 
 verifier:
   name: inspec

diff --git a/.kitchen.yml b/.kitchen.yml
@@ -48,10 +48,6 @@ platforms:
     provision_command:
       - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
       - systemctl enable sshd.service
-- name: ubuntu1404-ansible-latest
-  driver:
-    image: rndmh3ro/docker-ubuntu1404-ansible:latest
-    platform: ubuntu
 - name: ubuntu1604-ansible-latest
   driver:
     image: rndmh3ro/docker-ubuntu1604-ansible:latest
@@ -66,14 +62,6 @@ platforms:
     run_command: /sbin/init
     provision_command:
       - systemctl enable ssh.service
-- name: debian7-ansible-latest
-  driver:
-    image: rndmh3ro/docker-debian7-ansible:latest
-    platform: debian
-- name: debian8-ansible-latest
-  driver:
-    image: rndmh3ro/docker-debian8-ansible:latest
-    platform: debian
 - name: debian9-ansible-latest
   driver:
     image: rndmh3ro/docker-debian9-ansible:latest

diff --git a/.travis.yml b/.travis.yml
@@ -25,10 +25,6 @@ env:
 #    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 #    version: latest
 
-  - distro: ubuntu1404
-    version: latest
-    init: /sbin/init
-
   - distro: ubuntu1604
     version: latest
     init: /lib/systemd/systemd
@@ -39,15 +35,6 @@ env:
     init: /lib/systemd/systemd
     run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 
-  - distro: debian7
-    version: latest
-    init: /sbin/init
-
-  - distro: debian8
-    version: latest
-    init: /sbin/init
-    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
-
   - distro: debian9
     version: latest
     init: /lib/systemd/systemd

diff --git a/meta/main.yml b/meta/main.yml
@@ -12,15 +12,13 @@ galaxy_info:
         - 7
     - name: Ubuntu
       versions:
-        - precise
-        - trusty
         - xenial
         - bionic
     - name: Debian
       versions:
-        - wheezy
         - jessie
     - name: Amazon
+    - name: Fedora
   galaxy_tags:
     - system
     - security

diff --git a/vars/Fedora.yml b/vars/Fedora.yml
@@ -0,0 +1,31 @@
+---
+
+modprobe_package: 'module-init-tools'
+auditd_package: 'audit'
+
+os_packages_pam_ccreds: 'pam_ccreds'
+os_packages_pam_passwdqc: 'pam_passwdqc'
+os_packages_pam_cracklib: 'pam_cracklib'
+os_nologin_shell_path: '/sbin/nologin'
+
+# Different distros use different standards for /etc/shadow perms, e.g.
+# RHEL derivatives use root:root 0000, whereas Debian-based use root:shadow 0640.
+# You must provide key/value pairs for owner, group, and mode if overriding.
+os_shadow_perms:
+  owner: root
+  group: root
+  mode: '0000'
+
+os_passwd_perms:
+  owner: root
+  group: root
+  mode: '0644'
+
+os_env_umask: '027'
+
+os_auth_uid_min: 1000
+os_auth_gid_min: 1000
+os_auth_sys_uid_min: 201
+os_auth_sys_uid_max: 999
+os_auth_sys_gid_min: 201
+os_auth_sys_gid_max: 999