public-health-ch/ansible/roles/dev-sec.ssh-hardening/.kitchen.yml

---
driver:
  name: docker
  use_sudo: false
  cap_add:
    - SYS_ADMIN
  volume:
    - /sys/fs/cgroup:/sys/fs/cgroup:ro
  run_options:
    tmpfs:
      - /tmp
      - /run
      - /run/lock
  run_command: /sbin/init
  http_proxy: <%= ENV['http_proxy'] || nil %>
  https_proxy: <%= ENV['https_proxy'] || nil %>

provisioner:
  name: ansible_playbook
  hosts: all
  require_ansible_repo: false
  require_chef_for_busser: false
  require_ruby_for_busser: false
  ansible_verbose: true
  ansible_diff: true

  roles_path: ../ansible-ssh-hardening/
  http_proxy: <%= ENV['http_proxy'] || nil %>
  https_proxy: <%= ENV['https_proxy'] || nil %>
  playbook: tests/default.yml

  ansible_extra_flags:
    - "--skip-tags=sysctl"

platforms:
- name: centos6-ansible-latest
  driver:
    image: rndmh3ro/docker-centos6-ansible:latest
    platform: centos
    provision_command:
      - sed -i '/loginuid/d' /etc/pam.d/sshd

- name: centos7-ansible-latest
  driver:
    image: rndmh3ro/docker-centos7-ansible:latest
    platform: centos
    provision_command:
      - sed -i '/nologin/d' /etc/pam.d/sshd
      - systemctl enable sshd.service

- name: centos8-ansible-latest
  driver:
    image: rndmh3ro/docker-centos8-ansible:latest
    platform: centos
    provision_command:
      - sed -i '/nologin/d' /etc/pam.d/sshd
      - systemctl enable sshd.service
  provisioner:
    ansible_binary_path: "/usr/local/bin"

- name: oracle6-ansible-latest
  driver:
    image: rndmh3ro/docker-oracle6-ansible:latest
    platform: centos
    provision_command:
      - sed -i '/loginuid/d' /etc/pam.d/sshd

- name: oracle7-ansible-latest
  driver:
    image: rndmh3ro/docker-oracle7-ansible:latest
    platform: centos
    provision_command:
      - sed -i '/nologin/d' /etc/pam.d/sshd
      - systemctl enable sshd.service

- name: ubuntu1604-ansible-latest
  driver:
    image: rndmh3ro/docker-ubuntu1604-ansible:latest
    platform: ubuntu
    provision_command:
      - systemctl enable ssh.service

- name: ubuntu1804-ansible-latest
  driver:
    image: rndmh3ro/docker-ubuntu1804-ansible:latest
    platform: ubuntu
    provision_command:
      - systemctl enable ssh.service

- name: debian9-ansible-latest
  driver:
    image: rndmh3ro/docker-debian9-ansible:latest
    platform: debian
    provision_command:
      - apt install -y systemd-sysv
      - systemctl enable ssh.service

- name: debian10-ansible-latest
  driver:
    image: rndmh3ro/docker-debian10-ansible
    platform: debian
    provision_command:
      - apt install -y systemd-sysv
      - systemctl enable ssh.service

- name: amazon-ansible-latest
  driver:
    image: rndmh3ro/docker-amazon-ansible:latest
    platform: centos
    provision_command:
      - sed -i '/nologin/d' /etc/pam.d/sshd
      - systemctl enable sshd.service

- name: fedora-ansible-latest
  driver:
    image: rndmh3ro/docker-fedora-ansible:latest
    platform: centos
    provision_command:
      - dnf install -y python procps-ng
      - sed -i '/nologin/d' /etc/pam.d/sshd
      - systemctl enable sshd.service

- name: arch-ansible-latest
  driver:
    image: rndmh3ro/docker-arch-ansible:latest
    platform: arch
    run_command: /usr/lib/systemd/systemd
    provision_command:
      - sed -i '/nologin/d' /etc/pam.d/sshd
      - systemctl enable sshd.service

verifier:
  name: inspec
  sudo: true
  inspec_tests:
    - https://github.com/dev-sec/ssh-baseline

suites:
- name: ssh
Ansible deployment 2017-04-24 12:22:51 +00:00			`---`
			`driver:`
			`name: docker`
			`use_sudo: false`
Ansible roles updated 2021-02-18 15:40:18 +00:00			`cap_add:`
			`- SYS_ADMIN`
			`volume:`
			`- /sys/fs/cgroup:/sys/fs/cgroup:ro`
			`run_options:`
			`tmpfs:`
			`- /tmp`
			`- /run`
			`- /run/lock`
			`run_command: /sbin/init`
Ansible deployment 2017-04-24 12:22:51 +00:00			`http_proxy: <%= ENV['http_proxy'] \|\| nil %>`
			`https_proxy: <%= ENV['https_proxy'] \|\| nil %>`

			`provisioner:`
			`name: ansible_playbook`
			`hosts: all`
			`require_ansible_repo: false`
			`require_chef_for_busser: false`
			`require_ruby_for_busser: false`
			`ansible_verbose: true`
			`ansible_diff: true`
Updated Ansible setup 2020-05-15 20:41:39 +00:00
Ansible deployment 2017-04-24 12:22:51 +00:00			`roles_path: ../ansible-ssh-hardening/`
			`http_proxy: <%= ENV['http_proxy'] \|\| nil %>`
			`https_proxy: <%= ENV['https_proxy'] \|\| nil %>`
Updated Ansible roles 2018-12-17 12:50:15 +00:00			`playbook: tests/default.yml`
Updated Ansible setup 2020-05-15 20:41:39 +00:00
Ansible deployment 2017-04-24 12:22:51 +00:00			`ansible_extra_flags:`
			`- "--skip-tags=sysctl"`

			`platforms:`
			`- name: centos6-ansible-latest`
			`driver:`
			`image: rndmh3ro/docker-centos6-ansible:latest`
			`platform: centos`
Ansible roles updated 2021-02-18 15:40:18 +00:00			`provision_command:`
			`- sed -i '/loginuid/d' /etc/pam.d/sshd`

Ansible deployment 2017-04-24 12:22:51 +00:00			`- name: centos7-ansible-latest`
			`driver:`
			`image: rndmh3ro/docker-centos7-ansible:latest`
			`platform: centos`
Updated Ansible roles 2018-12-17 12:50:15 +00:00			`provision_command:`
Ansible roles updated 2021-02-18 15:40:18 +00:00			`- sed -i '/nologin/d' /etc/pam.d/sshd`
			`- systemctl enable sshd.service`

			`- name: centos8-ansible-latest`
			`driver:`
			`image: rndmh3ro/docker-centos8-ansible:latest`
			`platform: centos`
			`provision_command:`
			`- sed -i '/nologin/d' /etc/pam.d/sshd`
Updated Ansible roles 2018-12-17 12:50:15 +00:00			`- systemctl enable sshd.service`
Ansible roles updated 2021-02-18 15:40:18 +00:00			`provisioner:`
			`ansible_binary_path: "/usr/local/bin"`

Ansible deployment 2017-04-24 12:22:51 +00:00			`- name: oracle6-ansible-latest`
			`driver:`
			`image: rndmh3ro/docker-oracle6-ansible:latest`
			`platform: centos`
Ansible roles updated 2021-02-18 15:40:18 +00:00			`provision_command:`
			`- sed -i '/loginuid/d' /etc/pam.d/sshd`

Ansible deployment 2017-04-24 12:22:51 +00:00			`- name: oracle7-ansible-latest`
			`driver:`
			`image: rndmh3ro/docker-oracle7-ansible:latest`
			`platform: centos`
Updated Ansible roles 2018-12-17 12:50:15 +00:00			`provision_command:`
Ansible roles updated 2021-02-18 15:40:18 +00:00			`- sed -i '/nologin/d' /etc/pam.d/sshd`
Updated Ansible roles 2018-12-17 12:50:15 +00:00			`- systemctl enable sshd.service`
Ansible roles updated 2021-02-18 15:40:18 +00:00
Ansible deployment 2017-04-24 12:22:51 +00:00			`- name: ubuntu1604-ansible-latest`
			`driver:`
			`image: rndmh3ro/docker-ubuntu1604-ansible:latest`
			`platform: ubuntu`
Updated Ansible roles 2018-12-17 12:50:15 +00:00			`provision_command:`
			`- systemctl enable ssh.service`
Ansible roles updated 2021-02-18 15:40:18 +00:00
Updated Ansible setup 2020-05-15 20:41:39 +00:00			`- name: ubuntu1804-ansible-latest`
Ansible deployment 2017-04-24 12:22:51 +00:00			`driver:`
Updated Ansible setup 2020-05-15 20:41:39 +00:00			`image: rndmh3ro/docker-ubuntu1804-ansible:latest`
			`platform: ubuntu`
			`provision_command:`
			`- systemctl enable ssh.service`
Ansible roles updated 2021-02-18 15:40:18 +00:00
Updated Ansible roles 2018-12-17 12:50:15 +00:00			`- name: debian9-ansible-latest`
			`driver:`
			`image: rndmh3ro/docker-debian9-ansible:latest`
			`platform: debian`
			`provision_command:`
			`- apt install -y systemd-sysv`
			`- systemctl enable ssh.service`
Ansible roles updated 2021-02-18 15:40:18 +00:00
Updated Ansible setup 2020-05-15 20:41:39 +00:00			`- name: debian10-ansible-latest`
			`driver:`
			`image: rndmh3ro/docker-debian10-ansible`
			`platform: debian`
			`provision_command:`
			`- apt install -y systemd-sysv`
			`- systemctl enable ssh.service`
Ansible roles updated 2021-02-18 15:40:18 +00:00
Updated Ansible roles 2018-12-17 12:50:15 +00:00			`- name: amazon-ansible-latest`
			`driver:`
			`image: rndmh3ro/docker-amazon-ansible:latest`
			`platform: centos`
			`provision_command:`
Ansible roles updated 2021-02-18 15:40:18 +00:00			`- sed -i '/nologin/d' /etc/pam.d/sshd`
Updated Ansible roles 2018-12-17 12:50:15 +00:00			`- systemctl enable sshd.service`
Ansible roles updated 2021-02-18 15:40:18 +00:00
Updated Ansible setup 2020-05-15 20:41:39 +00:00			`- name: fedora-ansible-latest`
			`driver:`
			`image: rndmh3ro/docker-fedora-ansible:latest`
			`platform: centos`
			`provision_command:`
Ansible roles updated 2021-02-18 15:40:18 +00:00			`- dnf install -y python procps-ng`
			`- sed -i '/nologin/d' /etc/pam.d/sshd`
			`- systemctl enable sshd.service`

			`- name: arch-ansible-latest`
			`driver:`
			`image: rndmh3ro/docker-arch-ansible:latest`
			`platform: arch`
			`run_command: /usr/lib/systemd/systemd`
			`provision_command:`
			`- sed -i '/nologin/d' /etc/pam.d/sshd`
Updated Ansible setup 2020-05-15 20:41:39 +00:00			`- systemctl enable sshd.service`
Ansible deployment 2017-04-24 12:22:51 +00:00
			`verifier:`
			`name: inspec`
			`sudo: true`
			`inspec_tests:`
			`- https://github.com/dev-sec/ssh-baseline`

			`suites:`
			`- name: ssh`