--- driver: name: docker use_sudo: false cap_add: - SYS_ADMIN volume: - /sys/fs/cgroup:/sys/fs/cgroup:ro run_options: tmpfs: - /tmp - /run - /run/lock run_command: /sbin/init http_proxy: <%= ENV['http_proxy'] || nil %> https_proxy: <%= ENV['https_proxy'] || nil %> transport: max_ssh_sessions: 1 provisioner: name: ansible_playbook hosts: all require_ansible_repo: false require_chef_for_busser: false require_ruby_for_busser: false ansible_verbose: true ansible_diff: true roles_path: ../ansible-os-hardening/ http_proxy: <%= ENV['http_proxy'] || nil %> https_proxy: <%= ENV['https_proxy'] || nil %> playbook: tests/test.yml platforms: - name: centos6-ansible-latest driver: image: rndmh3ro/docker-centos6-ansible:latest platform: centos provision_command: - sed -i '/loginuid/d' /etc/pam.d/sshd - name: centos7-ansible-latest driver: image: rndmh3ro/docker-centos7-ansible:latest platform: centos provision_command: - sed -i '/nologin/d' /etc/pam.d/sshd - systemctl enable sshd.service - name: centos8-ansible-latest driver: image: rndmh3ro/docker-centos8-ansible:latest platform: centos provision_command: - sed -i '/nologin/d' /etc/pam.d/sshd - systemctl enable sshd.service provisioner: ansible_binary_path: "/usr/local/bin" - name: oracle6-ansible-latest driver: image: rndmh3ro/docker-oracle6-ansible:latest platform: centos provision_command: - sed -i '/loginuid/d' /etc/pam.d/sshd - name: oracle7-ansible-latest driver: image: rndmh3ro/docker-oracle7-ansible:latest platform: centos provision_command: - yum -y install initscripts - sed -i '/nologin/d' /etc/pam.d/sshd - systemctl enable sshd.service - name: ubuntu1604-ansible-latest driver: image: rndmh3ro/docker-ubuntu1604-ansible:latest platform: ubuntu provision_command: - systemctl enable ssh.service - name: ubuntu1804-ansible-latest driver: image: rndmh3ro/docker-ubuntu1804-ansible:latest platform: ubuntu provision_command: - systemctl enable ssh.service - name: debian9-ansible-latest driver: image: rndmh3ro/docker-debian9-ansible:latest platform: debian provision_command: - apt install -y systemd-sysv - systemctl enable ssh.service - name: debian10-ansible-latest driver: image: rndmh3ro/docker-debian10-ansible:latest platform: debian provision_command: - apt install -y systemd-sysv - systemctl enable ssh.service - name: amazon-ansible-latest driver: image: rndmh3ro/docker-amazon-ansible:latest platform: centos provision_command: - sed -i '/nologin/d' /etc/pam.d/sshd - systemctl enable sshd.service - name: fedora-ansible-latest driver: image: rndmh3ro/docker-fedora-ansible:latest platform: centos provision_command: - dnf install -y python - sed -i '/nologin/d' /etc/pam.d/sshd - systemctl enable sshd.service - name: opensuse_tumbleweed-ansible-latest driver: image: rndmh3ro/docker-opensuse_tumbleweed-ansible platform: opensuse provision_command: - zypper -n install python-xml - sed -i '/nologin/d' /etc/pam.d/sshd - sed -i '/systemd/d' /etc/pam.d/common-session - systemctl enable sshd.service verifier: name: inspec sudo: true inspec_tests: - https://github.com/dev-sec/linux-baseline controls: # skip sysctl checks, since they make no sense in docker - /^(?!sysctl-|package-07).+/ suites: - name: os