144 lines
3.5 KiB
YAML
144 lines
3.5 KiB
YAML
---
|
|
driver:
|
|
name: docker
|
|
use_sudo: false
|
|
cap_add:
|
|
- SYS_ADMIN
|
|
volume:
|
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
|
run_options:
|
|
tmpfs:
|
|
- /tmp
|
|
- /run
|
|
- /run/lock
|
|
run_command: /sbin/init
|
|
http_proxy: <%= ENV['http_proxy'] || nil %>
|
|
https_proxy: <%= ENV['https_proxy'] || nil %>
|
|
|
|
transport:
|
|
max_ssh_sessions: 1
|
|
|
|
provisioner:
|
|
name: ansible_playbook
|
|
hosts: all
|
|
require_ansible_repo: false
|
|
require_chef_for_busser: false
|
|
require_ruby_for_busser: false
|
|
ansible_verbose: true
|
|
ansible_diff: true
|
|
|
|
roles_path: ../ansible-os-hardening/
|
|
http_proxy: <%= ENV['http_proxy'] || nil %>
|
|
https_proxy: <%= ENV['https_proxy'] || nil %>
|
|
playbook: tests/test.yml
|
|
|
|
platforms:
|
|
- name: centos6-ansible-latest
|
|
driver:
|
|
image: rndmh3ro/docker-centos6-ansible:latest
|
|
platform: centos
|
|
provision_command:
|
|
- sed -i '/loginuid/d' /etc/pam.d/sshd
|
|
|
|
- name: centos7-ansible-latest
|
|
driver:
|
|
image: rndmh3ro/docker-centos7-ansible:latest
|
|
platform: centos
|
|
provision_command:
|
|
- sed -i '/nologin/d' /etc/pam.d/sshd
|
|
- systemctl enable sshd.service
|
|
|
|
- name: centos8-ansible-latest
|
|
driver:
|
|
image: rndmh3ro/docker-centos8-ansible:latest
|
|
platform: centos
|
|
provision_command:
|
|
- sed -i '/nologin/d' /etc/pam.d/sshd
|
|
- systemctl enable sshd.service
|
|
provisioner:
|
|
ansible_binary_path: "/usr/local/bin"
|
|
|
|
- name: oracle6-ansible-latest
|
|
driver:
|
|
image: rndmh3ro/docker-oracle6-ansible:latest
|
|
platform: centos
|
|
provision_command:
|
|
- sed -i '/loginuid/d' /etc/pam.d/sshd
|
|
|
|
- name: oracle7-ansible-latest
|
|
driver:
|
|
image: rndmh3ro/docker-oracle7-ansible:latest
|
|
platform: centos
|
|
provision_command:
|
|
- yum -y install initscripts
|
|
- sed -i '/nologin/d' /etc/pam.d/sshd
|
|
- systemctl enable sshd.service
|
|
|
|
- name: ubuntu1604-ansible-latest
|
|
driver:
|
|
image: rndmh3ro/docker-ubuntu1604-ansible:latest
|
|
platform: ubuntu
|
|
provision_command:
|
|
- systemctl enable ssh.service
|
|
|
|
- name: ubuntu1804-ansible-latest
|
|
driver:
|
|
image: rndmh3ro/docker-ubuntu1804-ansible:latest
|
|
platform: ubuntu
|
|
provision_command:
|
|
- systemctl enable ssh.service
|
|
|
|
- name: debian9-ansible-latest
|
|
driver:
|
|
image: rndmh3ro/docker-debian9-ansible:latest
|
|
platform: debian
|
|
provision_command:
|
|
- apt install -y systemd-sysv
|
|
- systemctl enable ssh.service
|
|
|
|
- name: debian10-ansible-latest
|
|
driver:
|
|
image: rndmh3ro/docker-debian10-ansible:latest
|
|
platform: debian
|
|
provision_command:
|
|
- apt install -y systemd-sysv
|
|
- systemctl enable ssh.service
|
|
|
|
- name: amazon-ansible-latest
|
|
driver:
|
|
image: rndmh3ro/docker-amazon-ansible:latest
|
|
platform: centos
|
|
provision_command:
|
|
- sed -i '/nologin/d' /etc/pam.d/sshd
|
|
- systemctl enable sshd.service
|
|
|
|
- name: fedora-ansible-latest
|
|
driver:
|
|
image: rndmh3ro/docker-fedora-ansible:latest
|
|
platform: centos
|
|
provision_command:
|
|
- dnf install -y python
|
|
- sed -i '/nologin/d' /etc/pam.d/sshd
|
|
- systemctl enable sshd.service
|
|
|
|
- name: opensuse_tumbleweed-ansible-latest
|
|
driver:
|
|
image: rndmh3ro/docker-opensuse_tumbleweed-ansible
|
|
platform: opensuse
|
|
provision_command:
|
|
- zypper -n install python-xml
|
|
- sed -i '/nologin/d' /etc/pam.d/sshd
|
|
- sed -i '/systemd/d' /etc/pam.d/common-session
|
|
- systemctl enable sshd.service
|
|
|
|
verifier:
|
|
name: inspec
|
|
sudo: true
|
|
inspec_tests:
|
|
- https://github.com/dev-sec/linux-baseline
|
|
controls:
|
|
# skip sysctl checks, since they make no sense in docker
|
|
- /^(?!sysctl-|package-07).+/
|
|
|
|
suites:
|
|
- name: os
|