diff --git a/.kitchen.yml b/.kitchen.yml index 69a2ca4..d912117 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -5,6 +5,8 @@ provisioner: name: ansible_playbook test_repo_uri: https://github.com/TelekomLabs/tests-ssh-hardening.git hosts: all + require_ansible_repo: false + require_ansible_omnibus: true platforms: - name: ubuntu-12.04 driver_config: @@ -30,11 +32,23 @@ platforms: driver_config: box: oracle-6.5 box_url: https://storage.us2.oraclecloud.com/v1/istoilis-istoilis/vagrant/oel65-64.box +- name: debian-6 + driver_config: + box: debian-6 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-6.0.10_chef-provisionerless.box +- name: debian-7 + driver_config: + box: debian-7 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.8_chef-provisionerless.box +- name: debian-8 + driver_config: + box: debian-8 + box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.1_chef-provisionerless.box + suites: - name: default roles_path: roles hosts: all - require_ansible_repo: true ansible_verbose: true ansible_version: 1.9.2 provisioner: diff --git a/.kitchen_debian.yml b/.kitchen_debian.yml deleted file mode 100644 index a4dd32f..0000000 --- a/.kitchen_debian.yml +++ /dev/null 
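Review bot: `require_ansible_omnibus: true` now applies to every platform, but the provisioner keys visible in this hunk set no `ansible_omnibus_url`, so the install script is whatever the kitchen-ansible plugin fetches by default, and it runs on each test VM before the hardening role is applied. The `.kitchen_debian.yml` removed in this commit at least named its script explicitly, though on a mutable `master` ref. I would pin the source next to the two new keys, for example `ansible_omnibus_url: https://raw.githubusercontent.com/<org>/<repo>/<commit-sha>/ansible_install.sh` (placeholder values), so that a changed upstream script cannot silently alter what the tests exercise. The `provisioner:` key itself sits just above the hunk.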
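Review bot: The three added Debian platforms pull their images from `box_url` with nothing that fixes the image content, neither a checksum nor a box version, so a replaced object at that storage path changes the baseline the SSH hardening tests run against without any change in this repository. A comment recording the expected digest per box, e.g. `# sha256: <digest-of-debian-8.1-box>` (placeholder), would give reviewers something to verify against, and a checksum setting is preferable if the Vagrant driver in use offers one. Separately, with `require_ansible_repo: true` removed from the suite, it is worth confirming that `ansible_version: 1.9.2` is still honoured on the omnibus install path. The `platforms:` list and the `default` suite both extend beyond this hunk.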
@@ -1,31 +0,0 @@ ---- -driver: - name: vagrant -provisioner: - name: ansible_playbook - test_repo_uri: https://github.com/TelekomLabs/tests-ssh-hardening.git - hosts: all - require_ansible_omnibus: true - ansible_omnibus_url: https://raw.githubusercontent.com/hardening-io/ansible-ssh-hardening/master/ansible-install.sh -platforms: -- name: debian-6 - driver_config: - box: debian-6 - box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-6.0.10_chef-provisionerless.box -- name: debian-7 - driver_config: - box: debian-7 - box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-7.8_chef-provisionerless.box -- name: debian-8 - driver_config: - box: debian-8 - box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.1_chef-provisionerless.box -suites: -- name: default - roles_path: roles - hosts: all - require_ansible_repo: true - ansible_verbose: true - ansible_version: 1.9.2 - provisioner: - playbook: test/integration/playbooks/default.yml diff --git a/README.md b/README.md index e6e39e1..759c49a 100644 --- a/README.md +++ b/README.md @@ -61,12 +61,9 @@ bundle exec thor kitchen:fetch-remote-tests # fast test on one machine bundle exec kitchen test default-ubuntu-1204 -# test on all machines except Debian-based machines +# test on all machines bundle exec kitchen test -# test on Debian-based machines -KITCHEN_YAML=".kitchen_debian.yml" bundle exec kitchen test - # for development bundle exec kitchen create default-ubuntu-1204 bundle exec kitchen converge default-ubuntu-1204 diff --git a/ansible-install.sh b/ansible-install.sh deleted file mode 100644 index e008f70..0000000 --- a/ansible-install.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -sudo apt-get install -y build-essential python-dev python-setuptools -cd /tmp && wget http://releases.ansible.com/ansible/ansible-latest.tar.gz -tar xzf ansible-latest.tar.gz -cd ansible-* && sudo python setup.py install 
diff --git a/roles/ansible-ssh-hardening/templates/opensshd.conf.j2 b/roles/ansible-ssh-hardening/templates/opensshd.conf.j2 index 52be002..07a2548 100644 --- a/roles/ansible-ssh-hardening/templates/opensshd.conf.j2 +++ b/roles/ansible-ssh-hardening/templates/opensshd.conf.j2 @@ -134,7 +134,7 @@ IgnoreUserKnownHosts yes HostbasedAuthentication no # Enable PAM to enforce system wide rules -UsePAM {{ 'yes' if ssh_use_pam else 'no' }} +UsePAM {{ 'yes' if ssh_use_pam else 'no' }} # Disable password-based authentication, it can allow for potentially easier brute-force attacks. PasswordAuthentication no