Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add more sysctl settings, allow overwriting #120

Merged
merged 4 commits into from Jun 27, 2017
Merged

add more sysctl settings, allow overwriting #120

merged 4 commits into from Jun 27, 2017

Conversation

rndmh3ro
Copy link
Member

No description provided.

@rndmh3ro rndmh3ro mentioned this pull request Apr 23, 2017
Closed
@rndmh3ro rndmh3ro mentioned this pull request May 1, 2017
Closed
@rndmh3ro rndmh3ro requested review from ypid and fitz123 May 28, 2017 12:52
ypid
ypid requested changes Jun 5, 2017
View reviewed changes
Copy link
Member

@ypid ypid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. One thing could be improved.

tasks/sysctl.yml Outdated
@@ -19,6 +19,10 @@
command: 'update-initramfs -u'
when: initramfs.changed

- name: create a combined sysctl-dict if overwrites are defined
set_fact: sysctl_config="{{ sysctl_config | combine(sysctl_overwrite) }}"
when: sysctl_overwrite | default(omit)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you checked that omit evaluates to False? I would not rely on that. Just use default() which defaults to False 😉

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I updated all the occurences!

ypid
ypid requested changes Jun 6, 2017
View reviewed changes
Copy link
Member

@ypid ypid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, one minor detail could be improved in the update.

tasks/suid_sgid.yml Outdated
@@ -20,5 +20,5 @@
- name: remove suid/sgid bit from all binaries except in system and user whitelist
file: path='{{item}}' mode='a-s' state=file follow=yes
with_items:
- '{{ suid | default(omit) | difference(os_security_suid_sgid_whitelist) }}'
- '{{ suid | default() | difference(os_security_suid_sgid_whitelist) }}'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this case better use with_flattened and default([]) :) Similar goes with the other uses of default in with_items.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated it!

@rndmh3ro rndmh3ro merged commit 6d21d24 into master Jun 27, 2017
@rndmh3ro rndmh3ro deleted the combined_sysctl branch June 27, 2017 18:59
rndmh3ro added a commit that referenced this pull request Jul 24, 2020
@rndmh3ro
Merge pull request #120 from bachp/revoked-keys
5c68c65 
Add support to specify a list of revoked public keys
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
@rndmh3ro
Merge pull request dev-sec#120 from dev-sec/combined_sysctl
6915d85 
add more sysctl settings, allow overwriting
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022
@rndmh3ro
Merge pull request dev-sec#120 from bachp/revoked-keys
4dd3844 
Add support to specify a list of revoked public keys
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ypid ypid ypid approved these changes

@fitz123 fitz123 Awaiting requested review from fitz123

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@rndmh3ro @ypid