Add intial support for OpenSUSE (#250)

* Add support for OpenSUSE
dev-sec · Dec 14, 2019 · 4228e8a · 4228e8a
1 parent a0e7d0f
commit 4228e8a
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 2 deletions.
diff --git a/.kitchen.vagrant.yml b/.kitchen.vagrant.yml
@@ -21,7 +21,7 @@ provisioner:
   https_proxy: <%= ENV['https_proxy'] || nil %>
 
 transport:
-  max_ssh_sessions: 5
+  max_ssh_sessions: 1
 
 platforms:
 - name: ubuntu-16.04
@@ -54,6 +54,9 @@ platforms:
 - name: amazon
   driver_config:
     box: bento/amazonlinux-2
+- name: opensuse_tumbleweed
+  driver_config:
+    box: opensuse/Tumbleweed.x86_64
 
 verifier:
   name: inspec

diff --git a/.kitchen.yml b/.kitchen.yml
@@ -7,7 +7,7 @@ driver:
   https_proxy: <%= ENV['https_proxy'] || nil %>
 
 transport:
-  max_ssh_sessions: 5
+  max_ssh_sessions: 1
 
 provisioner:
   name: ansible_playbook
@@ -103,6 +103,14 @@ platforms:
       - dnf install -y python
       - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
       - systemctl enable sshd.service
+- name: opensuse_tumbleweed-ansible-latest
+  driver:
+    image: rndmh3ro/docker-opensuse_tumbleweed-ansible
+    platform: opensuse
+    provision_command:
+      - zypper -n install python-xml rpm-python
+      - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+      - systemctl enable sshd.service
 
 verifier:
   name: inspec

diff --git a/.travis.yml b/.travis.yml
@@ -55,6 +55,11 @@ env:
     version: latest
     run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 
+  # - distro: opensuse_tumbleweed
+  #   init: /usr/lib/systemd/systemd
+  #   version: latest
+  #   run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro --volume=/run:/run:ro"
+
 before_install:
   # Pull container
   - 'docker pull rndmh3ro/docker-${distro}-ansible:${version}'

diff --git a/meta/main.yml b/meta/main.yml
@@ -21,6 +21,7 @@ galaxy_info:
         - buster
     - name: Amazon
     - name: Fedora
+    - name: openSUSE
   galaxy_tags:
     - system
     - security

diff --git a/vars/Suse.yml b/vars/Suse.yml
@@ -0,0 +1,31 @@
+---
+
+os_packages_pam_ccreds: 'pam_ccreds'
+os_packages_pam_passwdqc: 'pam_passwdqc'
+os_packages_pam_cracklib: 'cracklib'
+os_nologin_shell_path: '/sbin/nologin'
+
+# Different distros use different standards for /etc/shadow perms, e.g.
+# RHEL derivatives use root:root 0000, whereas Debian-based use root:shadow 0640.
+# You must provide key/value pairs for owner, group, and mode if overriding.
+os_shadow_perms:
+  owner: root
+  group: root
+  mode: '0600'
+
+os_passwd_perms:
+  owner: root
+  group: root
+  mode: '0644'
+
+os_env_umask: '027'
+
+os_auth_uid_min: 1000
+os_auth_gid_min: 1000
+os_auth_sys_uid_min: 100
+os_auth_sys_uid_max: 499
+os_auth_sys_gid_min: 100
+os_auth_sys_gid_max: 499
+
+modprobe_package: 'kmod-compat'
+auditd_package: 'audit'