Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
A
ansible_lza_server_hardening
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Container registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Digital Preservation
ansible_lza_server_hardening
Repository graph
Repository graph
You can move around the graph by using the arrow keys.
42aa5529511c0a67ca2c97259f7c99f40925d277
Select Git revision
Branches
1
master
default
protected
1 result
Begin with the selected commit
Created with Raphaël 2.2.0
30
May
23
3
Feb
15
Jan
18
Dec
17
11
Oct
3
Sep
12
Aug
7
26
Jul
21
Feb
29
Jan
22
Dec
7
15
Nov
9
Oct
2
30
Aug
21
27
Jun
27
Apr
6
Mar
2
9
Aug
5
11
Apr
18
Mar
11
2
1
21
Dec
15
Sep
10
2
5
Aug
13
Jul
29
Jan
fix: logical mistake in crypto-policy condition
master
master
feat: explicitely configure crypto policy to disable weak ciphers and kex algorithms in SSH
test: onyl keep paths in vault_identity_list that we expect to exist
fix: use correct syntax to print list of Fail2Ban ignoreips as space separated string
fix: point symlink to correct default Molecule scenario
feat: add Molecule support for Ubuntu 22.04
chore: remove deprecated lint section from molecule config
feat: hide messages about skipped and ok tasks during Ansible and Molecule runs to remove clutter
refactor: use lists to store IPs and subnets that are to be ignored by fail2ban
Merge branch 'master' of https://git.slub-dresden.de/digital-preservation/ansible_lza_server_hardening
feat: add GUBS IP address for VLAN 24
fix: use correct module to regex-replace string in file
doc: add 'icmp' tags
fix: set empty CRYPTO_POLICY for sshd to make sure that SSH on RHEL respects the custom settings in sshd_config
fix: run correct Alma 8 scenario in CI
test: make pipeline jobs interruptible if a newer commit comes in
chore: migrate Rocky Linux 8 based tests to Alma Linux 8
Merge branch 'master' of https://git.slub-dresden.de/digital-preservation/ansible_lza_server_hardening
fix: make sure to remove all residuals of ClamAV from the system (packages, services)
fix: set default policy in the last step instead of an earlier step to avoid getting locked out
feat: add fail2ban exception for Greenbone Security Manager (GSM)
feat: add switch to make sure that ClamAV is not uninstalled on Archivematica-Servers
chore: remove unnecessary clamav handlers
feat: resolves GitLab issue 2368 (https://git.slub-dresden.de/import-jira-projekte/referat_2.3/-/issues/2368) by making sure that all ClamAV components are uninstalled
test: increase Molecule VMs' RAM to make sure clamav has enough RAM to even start without swapping
test: run molecule destroy even if CI job fails
feat: use Ansible's dnf module to install packages
fix: improve task waiting for ClamAV signature databases to be downloaded by being more precise about DB names and extending timeout for slow connections
chore: cleanup unused code
fix: remove EPEL installation task; we expect EPEL to be enabled on production machines already, and Molecule enables EPEL during the prepare phase
style: satisfy linter
chore: add options required by latest yamllint version
chore: deprecate RHEL 7 and add Molecule/Gitlab-CI compatibility for Rocky 8
style: use deb822 format and remove deprecated apt_key (resolves #2233 / ND-2723)
fix: undo changes done with the systemd override for rpcbind.socket, because the 'ListenStream=' and 'ListenDatagram=' don't work like I thought and are useless for what we're trying to accomplish
fix: create working version of rpcbind configuration
fix: use correct syntax for sshd_config
sec: implement Terrapin (CVE-2023-48795) config mitigations while patches are unavailable
feat: prepare tasks for NFSv3 rpcbind risk mitigations. CAUTION: as we're lacking NetApp interface info, this code is not yet tested!
feat: resolve ND-2709 'Bereinigung clamd-Services Rosetta-Server'
Loading