Skip to content

Commit 69ab9e4

Browse files
schurzischurzi
authored
Update Debian compatibility (#784)
* Update Ubuntu compatability Signed-off-by: Martin Schurz <[email protected]> * reload systemd when disabling ssh socket Signed-off-by: Martin Schurz <[email protected]> * manage systemd files Signed-off-by: Martin Schurz <[email protected]> * Create privsep directory for Debian Signed-off-by: Martin Schurz <[email protected]> * Use working Ubuntu 24.04 image for vm tests Signed-off-by: Martin Schurz <[email protected]> * Remove deprecated Debian 10 Signed-off-by: Martin Schurz <[email protected]> --------- Signed-off-by: Martin Schurz <[email protected]>
1 parent 118a0f0 commit 69ab9e4

File tree

17 files changed

+33
-48
lines changed

17 files changed

+33
-48
lines changed

.github/workflows/mysql_hardening.yml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -40,10 +40,9 @@ jobs:
4040
- centosstream9
4141
- rocky8
4242
- rocky9
43-
- ubuntu1804
4443
- ubuntu2004
4544
- ubuntu2204
46-
- debian10
45+
- ubuntu2404
4746
- debian11
4847
- debian12
4948
# - amazon # geerlingguy.mysql does not support fedora

.github/workflows/nginx_hardening.yml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -39,10 +39,9 @@ jobs:
3939
- centosstream9
4040
- rocky8
4141
- rocky9
42-
- ubuntu1804
4342
- ubuntu2004
4443
- ubuntu2204
45-
- debian10
44+
- ubuntu2404
4645
- debian11
4746
- debian12
4847
- amazon2023

.github/workflows/os_hardening.yml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,10 +41,9 @@ jobs:
4141
- rocky9
4242
- fedora39
4343
- fedora40
44-
- ubuntu1804
4544
- ubuntu2004
4645
- ubuntu2204
47-
- debian10
46+
- ubuntu2404
4847
- debian11
4948
- debian12
5049
- amazon2023

.github/workflows/os_hardening_vm.yml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,10 +41,9 @@ jobs:
4141
- generic/rocky9
4242
- fedora/39-cloud-base
4343
- fedora/40-cloud-base
44-
- generic/ubuntu1804
4544
- generic/ubuntu2004
4645
- generic/ubuntu2204
47-
- generic/debian10
46+
- alvistack/ubuntu-24.04
4847
- generic/debian11
4948
- generic/debian12
5049
- generic/opensuse15

.github/workflows/ssh_hardening.yml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,10 +41,9 @@ jobs:
4141
- rocky9
4242
- fedora39
4343
- fedora40
44-
- ubuntu1804
4544
- ubuntu2004
4645
- ubuntu2204
47-
- debian10
46+
- ubuntu2404
4847
- debian11
4948
- debian12
5049
- amazon2023

.github/workflows/ssh_hardening_custom_tests.yml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,10 +41,9 @@ jobs:
4141
- rocky9
4242
- fedora39
4343
- fedora40
44-
- ubuntu1804
4544
- ubuntu2004
4645
- ubuntu2204
47-
- debian10
46+
- ubuntu2404
4847
- debian11
4948
- debian12
5049
- amazon2023

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,8 +15,8 @@ This collection provides battle tested hardening for:
1515
- Linux operating systems:
1616
- CentOS 9
1717
- Rocky Linux 8/9
18-
- Debian 10/11/12
19-
- Ubuntu 18.04/20.04/22.04
18+
- Debian 11/12
19+
- Ubuntu 20.04/22.04/24.04
2020
- Amazon Linux (some roles supported)
2121
- Arch Linux (some roles supported)
2222
- Fedora 39/40 (some roles supported)

molecule/mysql_hardening/prepare.yml

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -26,13 +26,6 @@
2626
when:
2727
- ansible_os_family == 'Suse'
2828

29-
- name: Use Python 2 on Debian 10
30-
ansible.builtin.set_fact:
31-
ansible_python_interpreter: /usr/bin/python
32-
when:
33-
- ansible_distribution == 'Debian'
34-
- ansible_distribution_major_version|int == 10
35-
3629
- name: Run the equivalent of "apt-get update && apt-get upgrade"
3730
ansible.builtin.apt:
3831
upgrade: safe

molecule/ssh_hardening/prepare.yml

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -62,12 +62,6 @@
6262
update_cache: true
6363
when: ansible_facts.os_family == 'Archlinux'
6464

65-
- name: Created needed directory
66-
ansible.builtin.file:
67-
path: /var/run/sshd
68-
state: directory
69-
mode: "0755"
70-
7165
- name: Create ssh host keys # noqa ignore-errors
7266
ansible.builtin.command: ssh-keygen -A
7367
when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7')

molecule/ssh_hardening_bsd/prepare.yml

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18,12 +18,6 @@
1818
https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
1919
no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
2020
tasks:
21-
- name: Created needed directory
22-
ansible.builtin.file:
23-
path: /var/run/sshd
24-
state: directory
25-
mode: "0755"
26-
2721
- name: Create ssh host keys # noqa ignore-errors
2822
ansible.builtin.command: ssh-keygen -A
2923
when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7')

0 commit comments

Comments
 (0)