Merge pull request dev-sec#104 from hardening-io/chris-rock/update-ch…

…angelog add changelog generator
rollbrettler · Dec 11, 2015 · a898f84 · a898f84
2 parents 2489177 + c722dd1
commit a898f84
Show file tree

Hide file tree

Showing 5 changed files with 132 additions and 42 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,14 +1,9 @@
 ---
 rvm:
-- 1.9.3
 - 2.0.0
 - 2.1.3
 gemfile:
 - Gemfile
 - gemfile.chef-11
 language: ruby
 bundler_args: "--without development integration openstack"
-matrix:
-  exclude:
-  - rvm: 1.9.3
-    gemfile: Gemfile
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,49 +1,131 @@
-# Changelog
+# Change Log
 
-## 1.1.0
+## [Unreleased](https://github.com/hardening-io/chef-ssh-hardening/tree/HEAD)
 
-* feature: UsePrivilegeSeparation = sandbox for ssh >= 5.9
-* feature: Debian 8 support
-* feature: UseDNS configuration option
-* feature: allow/deny users/groups configuration options
-* feature: MOTD configuration option
-* bugfix: adjust travis to work with chef12/ruby2
+[Full Changelog](https://github.com/hardening-io/chef-ssh-hardening/compare/v1.1.0...HEAD)
 
-## 1.0.3
+**Closed issues:**
 
-* improvement: reprioritize EtM-based MACs
-* improvement: move SHA1 KEX algos from default to weak profile
+- Consider using blank config\_disclaimer by default [\#94](https://github.com/hardening-io/chef-ssh-hardening/issues/94)
 
-## 1.0.2
+**Merged pull requests:**
 
-* feature: separate options for server and client configuration
-* feature: add back GCM-based ciphers
-* feature: remove legacy SSHv1 options
-* improvement: add more spec tests
-* bugfix: restart ssh service on changes
+- Configurable PasswordAuthentication  [\#102](https://github.com/hardening-io/chef-ssh-hardening/pull/102) ([linaksa](https://github.com/linaksa))
+- x11 forwarding should be configurable like tcp and agent forwarding [\#99](https://github.com/hardening-io/chef-ssh-hardening/pull/99) ([patcon](https://github.com/patcon))
+- Correct recipe names in the README [\#98](https://github.com/hardening-io/chef-ssh-hardening/pull/98) ([michaelklishin](https://github.com/michaelklishin))
+- update common kitchen.yml platforms [\#97](https://github.com/hardening-io/chef-ssh-hardening/pull/97) ([chris-rock](https://github.com/chris-rock))
+- fixes \#94 [\#95](https://github.com/hardening-io/chef-ssh-hardening/pull/95) ([chris-rock](https://github.com/chris-rock))
+- remove old slack notification [\#92](https://github.com/hardening-io/chef-ssh-hardening/pull/92) ([chris-rock](https://github.com/chris-rock))
+- update common Gemfile for chef11+12 [\#91](https://github.com/hardening-io/chef-ssh-hardening/pull/91) ([arlimus](https://github.com/arlimus))
+- common files: centos7 + rubocop [\#90](https://github.com/hardening-io/chef-ssh-hardening/pull/90) ([arlimus](https://github.com/arlimus))
+- improve metadata description [\#88](https://github.com/hardening-io/chef-ssh-hardening/pull/88) ([chris-rock](https://github.com/chris-rock))
 
-## unreleased
+## [v1.1.0](https://github.com/hardening-io/chef-ssh-hardening/tree/v1.1.0) (2015-04-28)
+[Full Changelog](https://github.com/hardening-io/chef-ssh-hardening/compare/v1.0.3...v1.1.0)
 
-* new attributes node['ssh']['client']['cbc_required'] and node['ssh']['server']['cbc_required'] replace node['ssh']['cbc_required'], which has been deprecated.
+**Closed issues:**
 
-* new attributes node['ssh']['client']['weak_hmac'] and node['ssh']['server']['weak_hmac'] replace node['ssh']['weak_hmac'], which has been deprecated.
+- Use new "UseDNS" openssh default [\#81](https://github.com/hardening-io/chef-ssh-hardening/issues/81)
+- UseDNS no [\#79](https://github.com/hardening-io/chef-ssh-hardening/issues/79)
+- Debian 8.0 \(Jessie\) ships with OpenSSH 6.7p1, enable modern algos [\#77](https://github.com/hardening-io/chef-ssh-hardening/issues/77)
+- Allow management of allow/deny users [\#75](https://github.com/hardening-io/chef-ssh-hardening/issues/75)
+- update tutorial.md [\#55](https://github.com/hardening-io/chef-ssh-hardening/issues/55)
 
-* new attributes node['ssh']['client']['weak_kex'] and node['ssh']['server']['weak_kex'] replace node['ssh']['weak_kex'], which has been deprecated.
+**Merged pull requests:**
 
-* deprecated: Manging authorized_keys for root via attributes `ssh_rootkey` and  `ssh_rootkeys` in the `users` data bag has been deprecated and emits a waning when used. Support will be removed in 2.x.
+- add Debian 8  to local test-kitchen [\#84](https://github.com/hardening-io/chef-ssh-hardening/pull/84) ([chris-rock](https://github.com/chris-rock))
+- Modern alogs for Jessie [\#83](https://github.com/hardening-io/chef-ssh-hardening/pull/83) ([Rockstar04](https://github.com/Rockstar04))
+- Update README and use OpenSSH defaults for UseDNS [\#82](https://github.com/hardening-io/chef-ssh-hardening/pull/82) ([aried3r](https://github.com/aried3r))
+- Make UseDNS configurable [\#80](https://github.com/hardening-io/chef-ssh-hardening/pull/80) ([aried3r](https://github.com/aried3r))
+- update common readme badges [\#78](https://github.com/hardening-io/chef-ssh-hardening/pull/78) ([arlimus](https://github.com/arlimus))
+- Allow deny users to be managed from attributes [\#76](https://github.com/hardening-io/chef-ssh-hardening/pull/76) ([Rockstar04](https://github.com/Rockstar04))
+- fix typo in opensshdconf.erb, remove trailing whitespace [\#74](https://github.com/hardening-io/chef-ssh-hardening/pull/74) ([zachallett](https://github.com/zachallett))
+- bugfix: adjust travis to work with chef12/ruby2 [\#73](https://github.com/hardening-io/chef-ssh-hardening/pull/73) ([arlimus](https://github.com/arlimus))
+- add privilege separation via sandbox mode for ssh \>= 5.9 [\#72](https://github.com/hardening-io/chef-ssh-hardening/pull/72) ([arlimus](https://github.com/arlimus))
+- Adding attributes to enable printing the MOTD. [\#71](https://github.com/hardening-io/chef-ssh-hardening/pull/71) ([dmerrick](https://github.com/dmerrick))
 
-## 1.0.1
+## [v1.0.3](https://github.com/hardening-io/chef-ssh-hardening/tree/v1.0.3) (2015-01-14)
+[Full Changelog](https://github.com/hardening-io/chef-ssh-hardening/compare/v1.0.2...v1.0.3)
 
-* feature: cipher, macs and key exchange algorithms are now correctly detected on
-  ubuntu 12.04+14.04, centos/oracle/redhat 6.4+6.5, debian 6+7
-* feature: UsePAM can now be configured. Locked accounts may not get access via SSH
-  if UsePAM is disabled (which is the default)
-* feature: AllowTcpForwarding is now configurable. It is safe to set it if the user
-  has a login shell anyway
-* improvement: introduced rubocop+foodcritic for linting. As a result, there has been
-  a long list of cleanups and fixes to make this project looking well-rounded again
-* bugfixes: incorrect crypto-configuration on red-hat based systems and debian
+**Closed issues:**
 
-## 1.0.0
+- Suggestion: Don't populate /root/.ssh/authorized\_keys by default [\#69](https://github.com/hardening-io/chef-ssh-hardening/issues/69)
+- prefer etm MACs [\#66](https://github.com/hardening-io/chef-ssh-hardening/issues/66)
+- disable sha1-based key exchanges [\#64](https://github.com/hardening-io/chef-ssh-hardening/issues/64)
 
-* imported ssh hardening project and updated to current version with full test suite
+**Merged pull requests:**
+
+- remove sha1 key-exchange mechanisms from default [\#70](https://github.com/hardening-io/chef-ssh-hardening/pull/70) ([arlimus](https://github.com/arlimus))
+- reprioritize etm macs [\#68](https://github.com/hardening-io/chef-ssh-hardening/pull/68) ([arlimus](https://github.com/arlimus))
+
+## [v1.0.2](https://github.com/hardening-io/chef-ssh-hardening/tree/v1.0.2) (2015-01-12)
+**Closed issues:**
+
+- release on supermarket [\#62](https://github.com/hardening-io/chef-ssh-hardening/issues/62)
+- host\_key\_files should not include ssh\_host\_ecdsa\_key on every host [\#61](https://github.com/hardening-io/chef-ssh-hardening/issues/61)
+- Protocol 1 options while SSH 2 is hard coded [\#57](https://github.com/hardening-io/chef-ssh-hardening/issues/57)
+- Configuration of root keys via databag and attributes [\#37](https://github.com/hardening-io/chef-ssh-hardening/issues/37)
+- Bad ciphers on debian 7.0 [\#25](https://github.com/hardening-io/chef-ssh-hardening/issues/25)
+- update ssh service on changes [\#24](https://github.com/hardening-io/chef-ssh-hardening/issues/24)
+
+**Merged pull requests:**
+
+- add back GCM cipher [\#67](https://github.com/hardening-io/chef-ssh-hardening/pull/67) ([arlimus](https://github.com/arlimus))
+- updating common files [\#63](https://github.com/hardening-io/chef-ssh-hardening/pull/63) ([arlimus](https://github.com/arlimus))
+- update to rubocop 0.27, exclude Berksfile [\#60](https://github.com/hardening-io/chef-ssh-hardening/pull/60) ([bkw](https://github.com/bkw))
+- updating common files [\#59](https://github.com/hardening-io/chef-ssh-hardening/pull/59) ([arlimus](https://github.com/arlimus))
+- remove options that only apply to SSH protocol version 1 [\#58](https://github.com/hardening-io/chef-ssh-hardening/pull/58) ([arlimus](https://github.com/arlimus))
+- bring back support for chef-solo [\#56](https://github.com/hardening-io/chef-ssh-hardening/pull/56) ([bkw](https://github.com/bkw))
+- add coverage dir to gitignore, add chefignore [\#54](https://github.com/hardening-io/chef-ssh-hardening/pull/54) ([bkw](https://github.com/bkw))
+- Deprecate managing authorized\_keys for root via data bag [\#52](https://github.com/hardening-io/chef-ssh-hardening/pull/52) ([bkw](https://github.com/bkw))
+- Add slack notifications [\#51](https://github.com/hardening-io/chef-ssh-hardening/pull/51) ([bkw](https://github.com/bkw))
+- make users data bag optional [\#50](https://github.com/hardening-io/chef-ssh-hardening/pull/50) ([bkw](https://github.com/bkw))
+- allow cbc, hmac and kex to be configured individually for client and server. [\#49](https://github.com/hardening-io/chef-ssh-hardening/pull/49) ([bkw](https://github.com/bkw))
+- supply proper links for the badges [\#48](https://github.com/hardening-io/chef-ssh-hardening/pull/48) ([bkw](https://github.com/bkw))
+- update travis builds to ruby 2.1.3  [\#47](https://github.com/hardening-io/chef-ssh-hardening/pull/47) ([bkw](https://github.com/bkw))
+- add gymnasium badge for dependencies [\#46](https://github.com/hardening-io/chef-ssh-hardening/pull/46) ([bkw](https://github.com/bkw))
+- update to chefspec 4.1.1 [\#45](https://github.com/hardening-io/chef-ssh-hardening/pull/45) ([bkw](https://github.com/bkw))
+- Add badges [\#44](https://github.com/hardening-io/chef-ssh-hardening/pull/44) ([bkw](https://github.com/bkw))
+- Add chef spec [\#43](https://github.com/hardening-io/chef-ssh-hardening/pull/43) ([bkw](https://github.com/bkw))
+- Update rubocop [\#42](https://github.com/hardening-io/chef-ssh-hardening/pull/42) ([bkw](https://github.com/bkw))
+- fix filenames in comments [\#41](https://github.com/hardening-io/chef-ssh-hardening/pull/41) ([bkw](https://github.com/bkw))
+- updating common files [\#40](https://github.com/hardening-io/chef-ssh-hardening/pull/40) ([arlimus](https://github.com/arlimus))
+- Chef Spec Tests [\#39](https://github.com/hardening-io/chef-ssh-hardening/pull/39) ([chris-rock](https://github.com/chris-rock))
+- improvement: switch to site location in berkshelf [\#38](https://github.com/hardening-io/chef-ssh-hardening/pull/38) ([chris-rock](https://github.com/chris-rock))
+- Lint [\#36](https://github.com/hardening-io/chef-ssh-hardening/pull/36) ([chris-rock](https://github.com/chris-rock))
+- minor change to make md table in COMPLIANCE.md work [\#35](https://github.com/hardening-io/chef-ssh-hardening/pull/35) ([jklare](https://github.com/jklare))
+- added info on crypto to readme [\#34](https://github.com/hardening-io/chef-ssh-hardening/pull/34) ([arlimus](https://github.com/arlimus))
+- improvement: added faq on locked accounts to readme [\#33](https://github.com/hardening-io/chef-ssh-hardening/pull/33) ([arlimus](https://github.com/arlimus))
+- updated kitchen images to current batch \(mysql-equivalent\) [\#32](https://github.com/hardening-io/chef-ssh-hardening/pull/32) ([arlimus](https://github.com/arlimus))
+- add recipe to unlock user accounts [\#31](https://github.com/hardening-io/chef-ssh-hardening/pull/31) ([arlimus](https://github.com/arlimus))
+- add pam option to readme [\#30](https://github.com/hardening-io/chef-ssh-hardening/pull/30) ([chris-rock](https://github.com/chris-rock))
+- fixes \#24 [\#29](https://github.com/hardening-io/chef-ssh-hardening/pull/29) ([chris-rock](https://github.com/chris-rock))
+- fix end keyword [\#28](https://github.com/hardening-io/chef-ssh-hardening/pull/28) ([arlimus](https://github.com/arlimus))
+- Debian6fix [\#27](https://github.com/hardening-io/chef-ssh-hardening/pull/27) ([arlimus](https://github.com/arlimus))
+- update kitchen tests for vagrant [\#26](https://github.com/hardening-io/chef-ssh-hardening/pull/26) ([arlimus](https://github.com/arlimus))
+- update rubocop, add default rake task. fix errors with default task [\#23](https://github.com/hardening-io/chef-ssh-hardening/pull/23) ([ehaselwanter](https://github.com/ehaselwanter))
+- update with common run\_all\_linters task [\#22](https://github.com/hardening-io/chef-ssh-hardening/pull/22) ([ehaselwanter](https://github.com/ehaselwanter))
+- adapt to new tests [\#21](https://github.com/hardening-io/chef-ssh-hardening/pull/21) ([chris-rock](https://github.com/chris-rock))
+- add openstack kitchen gem [\#20](https://github.com/hardening-io/chef-ssh-hardening/pull/20) ([chris-rock](https://github.com/chris-rock))
+- rename package name attribute from ssl\* to ssh\* [\#19](https://github.com/hardening-io/chef-ssh-hardening/pull/19) ([bkw](https://github.com/bkw))
+- passwordless users not able to log in [\#18](https://github.com/hardening-io/chef-ssh-hardening/pull/18) ([bkw](https://github.com/bkw))
+- add utf8 header and use ruby 1.9 hash syntax [\#17](https://github.com/hardening-io/chef-ssh-hardening/pull/17) ([chris-rock](https://github.com/chris-rock))
+- add Berksfile.lock Gemfile.lock to ignore list and remove it from tree [\#15](https://github.com/hardening-io/chef-ssh-hardening/pull/15) ([ehaselwanter](https://github.com/ehaselwanter))
+- Typo in username of ssh connection [\#14](https://github.com/hardening-io/chef-ssh-hardening/pull/14) ([sirkkalap](https://github.com/sirkkalap))
+- streamline .rubocop config [\#13](https://github.com/hardening-io/chef-ssh-hardening/pull/13) ([ehaselwanter](https://github.com/ehaselwanter))
+- use the role from the integration test suite, not distinct recipes [\#12](https://github.com/hardening-io/chef-ssh-hardening/pull/12) ([ehaselwanter](https://github.com/ehaselwanter))
+- fix rubocop violations [\#11](https://github.com/hardening-io/chef-ssh-hardening/pull/11) ([ehaselwanter](https://github.com/ehaselwanter))
+- fix foodcritic violations [\#10](https://github.com/hardening-io/chef-ssh-hardening/pull/10) ([ehaselwanter](https://github.com/ehaselwanter))
+- made TCP and Agent Forwarding configurable [\#9](https://github.com/hardening-io/chef-ssh-hardening/pull/9) ([atomic111](https://github.com/atomic111))
+- be more forgiving and relax rubocop [\#8](https://github.com/hardening-io/chef-ssh-hardening/pull/8) ([ehaselwanter](https://github.com/ehaselwanter))
+- add lint and spec infrastructure [\#7](https://github.com/hardening-io/chef-ssh-hardening/pull/7) ([ehaselwanter](https://github.com/ehaselwanter))
+- integrate sharedtests [\#6](https://github.com/hardening-io/chef-ssh-hardening/pull/6) ([ehaselwanter](https://github.com/ehaselwanter))
+- remove aes-gcm algos from Ciphers, because of http://www.openssh.com/txt/gcmrekey.adv [\#5](https://github.com/hardening-io/chef-ssh-hardening/pull/5) ([atomic111](https://github.com/atomic111))
+- fix really old copy-n-paste error in readme [\#4](https://github.com/hardening-io/chef-ssh-hardening/pull/4) ([arlimus](https://github.com/arlimus))
+- Contributing guide [\#3](https://github.com/hardening-io/chef-ssh-hardening/pull/3) ([arlimus](https://github.com/arlimus))
+- added all kitchen test for ssh\_config + sshd\_config and added TUTORIAL.md [\#2](https://github.com/hardening-io/chef-ssh-hardening/pull/2) ([atomic111](https://github.com/atomic111))
+- add license and improve styling [\#1](https://github.com/hardening-io/chef-ssh-hardening/pull/1) ([chris-rock](https://github.com/chris-rock))
+
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
diff --git a/Gemfile b/Gemfile
@@ -2,7 +2,7 @@
 
 source 'https://rubygems.org'
 
-gem 'berkshelf',  '~> 3.0'
+gem 'berkshelf',  '~> 4.0'
 gem 'chef',       '>= 12.0'
 
 group :test do
@@ -31,3 +31,7 @@ end
 group :openstack do
   gem 'kitchen-openstack'
 end
+
+group :tools do
+  gem 'github_changelog_generator', '~> 1'
+end
diff --git a/Rakefile b/Rakefile
@@ -61,3 +61,12 @@ begin
 rescue LoadError
   puts '>>>>> Kitchen gem not loaded, omitting tasks' unless ENV['CI']
 end
+
+# Automatically generate a changelog for this project. Only loaded if
+# the necessary gem is installed.
+begin
+  require 'github_changelog_generator/task'
+  GitHubChangelogGenerator::RakeTask.new :changelog
+rescue LoadError
+  puts '>>>>> GitHub Changelog Generator not loaded, omitting tasks'
+end
diff --git a/gemfile.chef-11 b/gemfile.chef-11
@@ -2,8 +2,8 @@
 
 source 'https://rubygems.org'
 
-gem 'berkshelf',  '~> 3.0'
-gem 'chef',       '~> 11.16'
+gem 'berkshelf',  '~> 4.0'
+gem 'chef',       '~> 11.18'
 
 group :test do
   gem 'rake'