This repository has been archived by the owner on Dec 26, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 198
/
.kitchen.yml
139 lines (122 loc) · 3.51 KB
/
.kitchen.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
---
driver:
name: docker
use_sudo: false
cap_add:
- SYS_ADMIN
volume:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
run_options:
tmpfs:
- /tmp
- /run
- /run/lock
run_command: /sbin/init
http_proxy: <%= ENV['http_proxy'] || nil %>
https_proxy: <%= ENV['https_proxy'] || nil %>
provisioner:
name: ansible_playbook
hosts: all
require_ansible_repo: false
require_chef_for_busser: false
require_ruby_for_busser: false
ansible_verbose: true
ansible_diff: true
roles_path: ../ansible-ssh-hardening/
http_proxy: <%= ENV['http_proxy'] || nil %>
https_proxy: <%= ENV['https_proxy'] || nil %>
playbook: tests/default.yml
ansible_extra_flags:
- "--skip-tags=sysctl"
platforms:
- name: centos6-ansible-latest
driver:
image: rndmh3ro/docker-centos6-ansible:latest
platform: centos
provision_command:
- sed -i '/loginuid/d' /etc/pam.d/sshd
- name: centos7-ansible-latest
driver:
image: rndmh3ro/docker-centos7-ansible:latest
platform: centos
provision_command:
- sed -i '/nologin/d' /etc/pam.d/sshd
- systemctl enable sshd.service
- name: centos8-ansible-latest
driver:
image: rndmh3ro/docker-centos8-ansible:latest
platform: centos
provision_command:
- sed -i '/nologin/d' /etc/pam.d/sshd
- systemctl enable sshd.service
provisioner:
ansible_binary_path: "/usr/local/bin"
- name: oracle6-ansible-latest
driver:
image: rndmh3ro/docker-oracle6-ansible:latest
platform: centos
provision_command:
- sed -i '/loginuid/d' /etc/pam.d/sshd
- name: oracle7-ansible-latest
driver:
image: rndmh3ro/docker-oracle7-ansible:latest
platform: centos
provision_command:
- sed -i '/nologin/d' /etc/pam.d/sshd
- systemctl enable sshd.service
- name: ubuntu1604-ansible-latest
driver:
image: rndmh3ro/docker-ubuntu1604-ansible:latest
platform: ubuntu
provision_command:
- systemctl enable ssh.service
- name: ubuntu1804-ansible-latest
driver:
image: rndmh3ro/docker-ubuntu1804-ansible:latest
platform: ubuntu
provision_command:
- systemctl enable ssh.service
- name: debian9-ansible-latest
driver:
image: rndmh3ro/docker-debian9-ansible:latest
platform: debian
provision_command:
- apt install -y systemd-sysv
- systemctl enable ssh.service
- name: debian10-ansible-latest
driver:
image: rndmh3ro/docker-debian10-ansible
platform: debian
provision_command:
- apt install -y systemd-sysv
- systemctl enable ssh.service
- name: amazon-ansible-latest
driver:
image: rndmh3ro/docker-amazon-ansible:latest
platform: centos
provision_command:
- sed -i '/nologin/d' /etc/pam.d/sshd
- systemctl enable sshd.service
- name: fedora-ansible-latest
driver:
image: rndmh3ro/docker-fedora-ansible:latest
platform: centos
provision_command:
- dnf install -y python procps-ng
- sed -i '/nologin/d' /etc/pam.d/sshd
- systemctl enable sshd.service
- name: arch-ansible-latest
driver:
image: rndmh3ro/docker-arch-ansible:latest
platform: arch
run_command: /usr/lib/systemd/systemd
provision_command:
- sed -i '/nologin/d' /etc/pam.d/sshd
- systemctl enable sshd.service
verifier:
name: inspec
sudo: true
inspec_tests:
- https://github.com/dev-sec/ssh-baseline
suites:
- name: ssh