Improve documentation

.ansible-lint

@@ -0,0 +1,8 @@
+---
+# .ansible-lint
+# exclude_paths included in this file are parsed relative to this file's location
+# and not relative to the CWD of execution. CLI arguments passed to the --exclude
+# option will be parsed relative to the CWD of execution.
+exclude_paths:
+  - .cache/  # implicit unless exclude_paths is defined in config
+  - .yamllint

.github/dependabot.yml

@@ -1,11 +1,12 @@
+---
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:
 # https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
 
 version: 2
 updates:
-  - package-ecosystem: "pip" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: "pip"  # See documentation for possible values
+    directory: "/"  # Location of package manifests
     schedule:
       interval: "daily"

.github/workflows/ansible-lint.yml

@@ -1,58 +1,58 @@
+---
 name: Ansible Lint  # feel free to pick your own name
 
-on: [push, pull_request]
+on: [push, pull_request]   # yamllint disable-line rule:truthy
 
 jobs:
   ansible-lint:
 
     runs-on: ubuntu-latest
 
     steps:
-    # Important: This sets up your GITHUB_WORKSPACE environment variable
-    - uses: actions/checkout@v2
+      # Important: This sets up your GITHUB_WORKSPACE environment variable
+      - uses: actions/checkout@v2
 
-    - name: Lint Ansible Playbook
-      # replace "master" with any valid ref
-      uses: ansible/ansible-lint-action@master
-      with:
-        # [required]
-        # Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
-        # or valid Ansible directories according to the Ansible role
-        # directory structure.
-        # If you want to lint multiple ansible files, use the following syntax
-        # targets: |
-        #   playbook_1.yml
-        #   playbook_2.yml
-        targets: "roles/"
-        # [optional]
-        # Arguments to override a package and its version to be set explicitly.
-        # Must follow the example syntax.
-        # override-deps: |
-        #   ansible==2.9
-        #   ansible-lint==4.2.0
-        override-deps: |
-           rich>=9.5.1,<11.0.0
-        # [optional]
-        # Arguments to be passed to the ansible-lint
-
-        # Options:
-        #   -q                    quieter, although not silent output
-        #   -p                    parseable output in the format of pep8
-        #   --parseable-severity  parseable output including severity of rule
-        #   -r RULESDIR           specify one or more rules directories using one or
-        #                         more -r arguments. Any -r flags override the default
-        #                         rules in ansiblelint/rules, unless -R is also used.
-        #   -R                    Use default rules in ansiblelint/rules in addition to
-        #                         any extra
-        #                         rules directories specified with -r. There is no need
-        #                         to specify this if no -r flags are used
-        #   -t TAGS               only check rules whose id/tags match these values
-        #   -x SKIP_LIST          only check rules whose id/tags do not match these
-        #                         values
-        #   --nocolor             disable colored output
-        #   --exclude=EXCLUDE_PATHS
-        #                         path to directories or files to skip. This option is
-        #                         repeatable.
-        #   -c C                  Specify configuration file to use. Defaults to ".ansible-lint"
-        args: ""
+      - name: Lint Ansible Playbook
+        # replace "master" with any valid ref
+        uses: ansible/ansible-lint-action@main
+        with:
+          # [required]
+          # Paths to ansible files (i.e., playbooks, tasks, handlers etc..)
+          # or valid Ansible directories according to the Ansible role
+          # directory structure.
+          # If you want to lint multiple ansible files, use the following syntax
+          # targets: |
+          #   playbook_1.yml
+          #   playbook_2.yml
+          targets: "roles/"
+          # [optional]
+          # Arguments to override a package and its version to be set explicitly.
+          # Must follow the example syntax.
+          # override-deps: |
+          #   ansible==2.9
+          #   ansible-lint==4.2.0
+          override-deps: |
+            rich>=9.5.1,<11.0.0
+          # [optional]
+          # Arguments to be passed to the ansible-lint
 
+          # Options:
+          #   -q                    quieter, although not silent output
+          #   -p                    parseable output in the format of pep8
+          #   --parseable-severity  parseable output including severity of rule
+          #   -r RULESDIR           specify one or more rules directories using one or
+          #                         more -r arguments. Any -r flags override the default
+          #                         rules in ansiblelint/rules, unless -R is also used.
+          #   -R                    Use default rules in ansiblelint/rules in addition to
+          #                         any extra
+          #                         rules directories specified with -r. There is no need
+          #                         to specify this if no -r flags are used
+          #   -t TAGS               only check rules whose id/tags match these values
+          #   -x SKIP_LIST          only check rules whose id/tags do not match these
+          #                         values
+          #   --nocolor             disable colored output
+          #   --exclude=EXCLUDE_PATHS
+          #                         path to directories or files to skip. This option is
+          #                         repeatable.
+          #   -c C                  Specify configuration file to use. Defaults to ".ansible-lint"
+          args: ""

.github/workflows/enforce-labels.yml

@@ -1,12 +1,13 @@
+---
 name: "Enforce PR labels"
 
-on:
+on:  # yamllint disable-line rule:truthy
   pull_request_target:
     types: [labeled, unlabeled, opened, edited, synchronize]
 jobs:
   enforce-label:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@main
-      with:
-        repo-token: "${{ secrets.GITHUB_TOKEN }}"
+      - uses: actions/labeler@main
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/galaxy.yml

@@ -1,7 +1,7 @@
 ---
 name: Publish collection to Ansible Galaxy
 
-on:
+on:  # yamllint disable-line rule:truthy
   release:
     types:
       - published

.github/workflows/prettier-md.yml

@@ -2,7 +2,7 @@
 # https://github.com/creyD/prettier_action
 name: Prettier markdown files
 
-on:
+on:  # yamllint disable-line rule:truthy
   push:
     paths:
       - '**.md'

README.md

@@ -26,14 +26,24 @@ This collection provides battle tested hardening for:
 
 The hardening is intended to be compliant with the Inspec DevSec Baselines:
 
-- https://github.com/dev-sec/linux-baseline
-- https://github.com/dev-sec/mysql-baseline
-- https://github.com/dev-sec/nginx-baseline
-- https://github.com/dev-sec/ssh-baseline
+- <https://github.com/dev-sec/linux-baseline>
+- <https://github.com/dev-sec/mysql-baseline>
+- <https://github.com/dev-sec/nginx-baseline>
+- <https://github.com/dev-sec/ssh-baseline>
 
-## Looking for the old ansible-os-hardening role?
+## Looking for the old roles?
 
-This role is now part of the hardening-collection. You can find the old role in the branch `legacy`.
+The roles are now part of the hardening-collection.
+We have kept the old releases of the `os-hardening` role in this repository, so you can find the them by exploring older tags.
+The last release of the standalone role was [6.2.0](https://github.com/dev-sec/ansible-collection-hardening/tree/6.2.0).
+
+The other roles are in separate archives repositories
+
+- [apache_hardening](https://github.com/dev-sec/ansible-apache-hardening)
+- [mysql_hardening](https://github.com/dev-sec/ansible-mysql-hardening)
+- [nginx_hardening](https://github.com/dev-sec/ansible-nginx-hardening)
+- [ssh_hardening](https://github.com/dev-sec/ansible-ssh-hardening)
+- [windows_hardening](https://github.com/dev-sec/ansible-windows-hardening)
 
 ## Minimum required Ansible-version
 
@@ -94,6 +104,6 @@ General information:
 
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
 
-http://www.apache.org/licenses/LICENSE-2.0
+<http://www.apache.org/licenses/LICENSE-2.0>
 
 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

roles/ssh_hardening/README.md

@@ -49,7 +49,7 @@ Warning: This role disables root-login on the target server! Please make sure yo
   - Description: specifies an interval for sending keepalive messages.
 - `ssh_client_alive_count`
   - Default: `3`
-  - Description: defines how often keep-alive messages are sent.
+  - Description: Defines the number of acceptable unanswered client alive messages before disconnecting clients.
 - `ssh_permit_tunnel`
   - Default: `false`
   - Description: true if SSH Port Tunneling is required.