Use upstream konstruktoid/ansible-role-hardening (initial refactor for issue 96) #106
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
konstruktoid
requested review from
jsf9k,
dav3r,
felddy,
jasonodoom and
mcdonnnj
as code owners
mcdonnnj
added
improvement
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
jsf9k
changed the title
jsf9k
added
the
version bump
jsf9k
reviewed
May 29, 2024
| issue_template: /tmp/issue | ||
| journald_storage: persistent |
There was a problem hiding this comment.
Suggested change
| journald_storage: persistent | |
| # Persist journald across reboots | |
| journald_storage: persistent |
There was a problem hiding this comment.
We persist journald across reboots for of our AMIs, even those that are not hardened. To remain consistent, perhaps we should continue to use our cisagov/ansible-role-persist-journald even when using the konstruktoid/ansible-role-hardening role.
There was a problem hiding this comment.
Using the cisagov/ansible-role-persist-journald after the hardening role would ensure consistency but also add the journald_compress and journald_compress variables if needed.
Co-authored-by: Shane Frasier <maverick@maverickdolphin.com>
Co-authored-by: Shane Frasier <maverick@maverickdolphin.com>
Co-authored-by: Shane Frasier <maverick@maverickdolphin.com>
Co-authored-by: Shane Frasier <maverick@maverickdolphin.com>
Co-authored-by: Shane Frasier <maverick@maverickdolphin.com>
Co-authored-by: Shane Frasier <maverick@maverickdolphin.com>
Co-authored-by: Shane Frasier <maverick@maverickdolphin.com>
Co-authored-by: Shane Frasier <maverick@maverickdolphin.com>
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🗣 Description
This PR is a try to use upstream https://github.com/konstruktoid/ansible-role-hardening in order to close #96, it also incorporates as many changes as possible from https://github.com/cisagov/ansible-role-hardening-2/pulls?q=is%3Apr
💭 Motivation and context
See discussions at cisagov/ansible-role-hardening-2#1 (comment) and #96
🧪 Testing
Due to the AWS and other dependencies, no testing except standard role tests has been done.
✅ Pre-approval checklist
in code comments.
to reflect the changes in this PR.
✅ Pre-merge checklist
✅ Post-merge checklist