All notable changes to the project will be documented in this file. This project adheres to Semantic Versioning.
- Dropping support for Ruby 2.1
- Dropping support for Puppet 3
- Reversed
toughen::servicesparameters - they're no longer double negatives. You'll need to flip your booleans! - Adding
inet_protocols = ipv4to postfix so it starts when ipv6 is disabled. - Made warning banner smaller
- Beaker tests not working yet
- Adding securetty settings
- Fixing some CI stuff
- Tried (and failed) to add an SSSD class. Needs work on a box with SSSD configured.
- Enabling the audisp syslog plugin for auditd
- Disabling
zeroconf - New class -
modprobe. Unifies blacklisted modules fromfilesystemandnetwork. - Extra network parameters for sysctl
- Initializing aide
- Updating yum.conf with gpg checks etc
- Adding reasonably accurate policy for scanning with oscap tools
- Moved defined types to a folder
- Fixing filesystem mount parameters
- Splitting kernel parameters so that network ones are in network.pp
- Fixing some typos
- Making travis builds work properly again
- Logic was wrong on rpcbind fact
- Adds permission controls to /etc/shadow and similar
- Fixes #1 by detecting rpcbind properly
- Adds cron config
- Fixes some noisy service calls
- Adds SSH configuration
- Adds legacy services lock down
- Adds regular services lock down, with params to control e.g. http install.
- Adds in a custom fact that finds binaries with the setuid flag, and tracks them under auditd.
- 100% STIG compliance for Auditd, the 'Systme Accounting with auditd' section.
- Forgot to bump the metadata.json version to match the tag. Doh!
- Tweaks to auditing class to meet STIG compliance standards with oscap scanner
- Tag for initial usage
- Initial bare commit