From 7e065416daab339f22af37bd8a0af02ac5075461 Mon Sep 17 00:00:00 2001
From: Sebastian Gumprich
Date: Tue, 30 Apr 2019 15:30:35 +0200
Subject: [PATCH 1/2] fix selinux stuff
---
.kitchen.vagrant.yml | 4 ++--
Gemfile | 1 +
tasks/hardening.yml | 2 +-
tasks/selinux.yml | 2 +-
tests/default.yml | 1 +
tests/default_custom.yml | 1 +
6 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/.kitchen.vagrant.yml b/.kitchen.vagrant.yml
index 2ef1e83..ed57ea7 100644
--- a/.kitchen.vagrant.yml
+++ b/.kitchen.vagrant.yml
@@ -20,8 +20,8 @@ provisioner: http_proxy: <%= ENV['http_proxy'] || nil %> https_proxy: <%= ENV['https_proxy'] || nil %> -transport: - max_ssh_sessions: 5 +#transport: +# max_ssh_sessions: 5 platforms: - name: ubuntu-16.04
diff --git a/Gemfile b/Gemfile
index c11b3bf..3502d8f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -11,6 +11,7 @@ group :integration do gem 'kitchen-sync' gem 'kitchen-transport-rsync' gem 'kitchen-docker' + gem 'inspec', '~> 3' end group :tools do
diff --git a/tasks/hardening.yml b/tasks/hardening.yml
index 9194495..6ac8421 100644
--- a/tasks/hardening.yml
+++ b/tasks/hardening.yml
@@ -73,4 +73,4 @@ - name: include selinux specific tasks include_tasks: selinux.yml - when: ansible_selinux and ansible_selinux.status != "disabled" + when: ansible_selinux and ansible_selinux.status == "enabled"
diff --git a/tasks/selinux.yml b/tasks/selinux.yml
index 0114625..59b9a65 100644
--- a/tasks/selinux.yml
+++ b/tasks/selinux.yml
@@ -57,7 +57,7 @@ - name: install selinux policy command: semodule -i {{ ssh_custom_selinux_dir }}/ssh_password.pp - when: not ssh_use_pam and ansible_selinux != 'Disabled' and ssh_password_module.stdout.find('ssh_password') != 0 + when: not ssh_use_pam and ssh_password_module.stdout.find('ssh_password') != 0 # The following tasks only get executed when selinux is installed, UsePam is 'yes' and the ssh_password module is installed. # See http://danwalsh.livejournal.com/12333.html for more info
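Review bot: In the Gemfile hunk the new `gem 'inspec', '~> 3'` constraint carries no comment saying why the integration group is held on the 3.x series. Without that, the pin looks arbitrary to whoever next updates the test toolchain, and it may be lifted or left in place for the wrong reason. A one-line comment above it would record the intent, for example `# held on 3.x: <reason the 4.x series is not used here>`. The `group :integration do` block begins outside the hunk.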
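Review bot: In tasks/hardening.yml the new test `ansible_selinux.status == "enabled"` skips selinux.yml not only when SELinux is off but also whenever the fact could not be gathered. If the SELinux Python bindings are missing on the target, Ansible reports a status other than "enabled" (a false value on older releases). On an enforcing host the include is then skipped without any message and the ssh_password policy module is neither installed nor removed. That is presumably why this commit adds libselinux-python to the test playbooks, but nothing in the visible hunks makes the role itself require it. A comment above the include would state the dependency: `# needs the SELinux Python bindings on the target; without them the status is not "enabled" and this include is skipped`. The task list continues above the hunk.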
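Review bot: In tasks/selinux.yml the condition kept on the new side, `ssh_password_module.stdout.find('ssh_password') != 0`, is true for -1 (name absent) but also for any positive offset, so `semodule -i` runs again whenever the name is present but not at the very start of the registered output. If the intent is "module not installed", a membership test says that directly: `when: not ssh_use_pam and 'ssh_password' not in ssh_password_module.stdout`. The task that registers ssh_password_module lies outside this hunk, so its output format should be confirmed before changing the test.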
diff --git a/tests/default.yml b/tests/default.yml
index 8b1734f..4a495b7 100644
--- a/tests/default.yml
+++ b/tests/default.yml
@@ -6,6 +6,7 @@ with_items: - "openssh-clients" - "openssh-server" + - "libselinux-python" ignore_errors: true - apt: name="{{item}}" state=present update_cache=true with_items:
diff --git a/tests/default_custom.yml b/tests/default_custom.yml
index f5284db..66767ff 100644
--- a/tests/default_custom.yml
+++ b/tests/default_custom.yml
@@ -6,6 +6,7 @@ with_items: - "openssh-clients" - "openssh-server" + - "libselinux-python" ignore_errors: true - apt: name="{{item}}" state=present update_cache=true with_items:
From 53e0e60520caf6f481091bbf845ed95178534c8e Mon Sep 17 00:00:00 2001
From: Sebastian Gumprich
Date: Tue, 30 Apr 2019 15:29:28 +0200
Subject: [PATCH 2/2] fix more selinux stuff
---
.kitchen.vagrant.yml | 3 ---
.kitchen.yml | 3 ---
2 files changed, 6 deletions(-)
diff --git a/.kitchen.vagrant.yml b/.kitchen.vagrant.yml
index ed57ea7..89ce368 100644
--- a/.kitchen.vagrant.yml
+++ b/.kitchen.vagrant.yml
@@ -20,9 +20,6 @@ provisioner: http_proxy: <%= ENV['http_proxy'] || nil %> https_proxy: <%= ENV['https_proxy'] || nil %> -#transport: -# max_ssh_sessions: 5 - platforms: - name: ubuntu-16.04 driver_config:
diff --git a/.kitchen.yml b/.kitchen.yml
index 4234c1b..4c3d96b 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -6,9 +6,6 @@ driver: http_proxy: <%= ENV['http_proxy'] || nil %> https_proxy: <%= ENV['https_proxy'] || nil %> -transport: - max_ssh_sessions: 5 - provisioner: name: ansible_playbook hosts: all
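Review bot: In tests/default.yml the new `"libselinux-python"` item joins a package list whose task has `ignore_errors: true`, so a failed install is swallowed. Combined with the stricter `status == "enabled"` condition in tasks/hardening.yml, the SELinux tasks are then skipped and the run can still pass without exercising them. The identical hunk in tests/default_custom.yml has the same gap. libselinux-python is the Python 2 binding, and targets where Ansible runs under Python 3 use a different package name (python3-libselinux). A comment on the item would record that: `# SELinux bindings for the ansible_selinux fact (Python 2 package name)`. The task's module line is above the hunk and not visible here.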