automation: Update devsec.hardening to version 10

This MR contains the following updates:

Package	Type	Update	Change
devsec.hardening	galaxy-collection	major	8.8.0 -> 10.0.0

---

Release Notes

dev-sec/ansible-collection-hardening (devsec.hardening)

v10.0.0

Compare Source

Changelog

10.0.0 (2024-08-06)

Full Changelog

Implemented enhancements:

• option to disable regeneration of ssh private key #​772
• Ubuntu 24.04 support #​764
• Support systemd socket activation for sshd #​763 [ssh_hardening]
• Release 9.0.2 #​758
• Make Publickey authentication configurable #​750
• Ansible Linting #​747
• Make value of kernel.unprivileged_userns_clone depending on kernel version #​727
• Ensure that ssh is installed (cf #​771) #​774 [ssh_hardening] (Byh0ki)
• ssh: explicitly enable or disable the service at boot #​771 [ssh_hardening] (Byh0ki)
• disable systemd socket activation #​769 [ssh_hardening] (rndmh3ro)
• Add ssh_pubkey_authentication variable to ssh hardening #​749 [ssh_hardening] (debbabi)

Fixed bugs:

• ssh hardening role fails when ssh_permit_root_login var is set on ubuntu 24.04 #​768
• os_hardening fails when setting vm.mmap_rnd_bits #​757
• ssh_gateway_ports is documented to accept 'clientspecified' string, but only accepts bools #​755
• Error: Missing privilege separation directory: /run/sshd #​752
• harden permissions for directory mount /var/log fails for minimized Ubuntu 22.04 #​741
• Update Debian compatibility #​784 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (schurzi)
• do not force type of ssh_gateway_ports #​765 [mysql_hardening] [os_hardening] [ssh_hardening] (rndmh3ro)

Merged pull requests:

• Update to current Fedora releases #​783 [os_hardening] [ssh_hardening] (schurzi)
• Remove deprecated rebuild of initrd #​782 [os_hardening] (schurzi)
• chore(deps): update patrickjahns/version-drafter-action digest to 2076fa4 #​781 (renovate[bot])
• chore(deps): update ansible/ansible-lint digest to 95382d3 #​779 (renovate[bot])
• chore(deps): update actions/setup-python digest to 39cd149 #​778 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (renovate[bot])
• remove tests for FreeBSD12 since it's out of support #​777 [ssh_hardening] (schurzi)
• chore(deps): pin dependencies #​776 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (renovate[bot])
• Use best-practice preset for renovate #​775 (schurzi)
• Deprecate Centos Stream 8 #​770 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• centos7 is eol, remove it #​767 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• fix spelling #​766 [os_hardening] [ssh_hardening] (rndmh3ro)
• ci: define permissions for enforce-labels workflow #​760 (fgreinacher)
• Update dependency ansible-core to v2.16.5 #​754 (renovate[bot])
• Update dependency ansible-core to v2.16.4 #​751 (renovate[bot])
• Update ansible/ansible-lint action to v24 #​745 (renovate[bot])
• Always update Vagrant Boxes before using #​744 (schurzi)
• Remove Docker containers on self-hosted runner after tests #​743 (schurzi)
• Update dependency ansible-core to v2.16.3 #​742 (renovate[bot])

v9.0.1

Compare Source

Full Changelog

Implemented enhancements:

• Extend ansible-lint testing to cover our test cases #​731
• Complete tests for OS hardening #​660
• support restarts of audit service on Arch linux #​722 [os_hardening] (schurzi)

Fixed bugs:

• Fails to install #​735
• Amazon Linux gpg check fails #​734
• ssh_hardening ipv6 #​719
• boolean variable inconsistency? #​330
• Restore idempotency for disabling unused filesystems with Ansible 2.16.0 #​718 [os_hardening] (akikanellis)

Closed issues:

• 9.0.0 version number in galaxy.yml file is wrong #​740

Merged pull requests:

• restructure readme to move known limitations up top #​739 [os_hardening] [ssh_hardening] (rndmh3ro)
• release only on releases, not pre-releases #​738 (rndmh3ro)
• Update dependency ansible-core to v2.16.2 #​737 (renovate[bot])
• fix linting for github config #​736 (rndmh3ro)
• Update actions/setup-python action to v5 #​733 (renovate[bot])
• Update ansible-lint action and revise configuration to scan all Ansible code #​732 (schurzi)
• update labeler to new config format #​730 [ssh_hardening] (schurzi)
• Update dependency ansible-core to v2.16.1 #​728 [os_hardening] (renovate[bot])
• pin Ansible to always let Renovate update to the most current version in our tests #​721 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (schurzi)

v9.0.0

Compare Source

Full Changelog

Breaking changes:

• make it possible to configure more then yes and no for PermitTunnel #​715 [ssh_hardening] (rndmh3ro)
• add role argument spec for os, ssh, mysql #​687 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)

Implemented enhancements:

• Create role documentation with Automated-Ansible-Role-Documentation #​694
• Minimize access user paths should be fully configurable #​689
• Add support for Debian 12 #​672
• add testing and support for current versions of Fedora and FreeBSD #​709 [os_hardening] [ssh_hardening] (schurzi)
• feat: workflow for roles readme #​705 [ssh_hardening] (Nemental)
• do not try to drop roles in mysql hardening #​649 [mysql_hardening] (rndmh3ro)

Fixed bugs:

• nginx conf.d directory is missing on Rocky Linux 8 #​707
• Default value of ssh_client_alive_interval is inconsistent with what documentation says #​701
• [devsec.hardening.os_hardening : restart-auditd] fails #​698
• sshd_hardening role cannot be used to build system images #​697
• Error: No file was found when using first_found on Ubuntu 20.04 #​676
• PUBLIC-role breaks mysql-hardening #​648
• Error deploying the playbook #​630
• Gather facts when os_hardening role is executed with tags #​708 [os_hardening] (schurzi)

Closed issues:

• Add send-to-mailinglist to github release action #​434

Merged pull requests:

• update status badges in README #​714 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (schurzi)
• fix CI test for os_hardening #​711 [os_hardening] (schurzi)
• fix nginx CI tests #​710 [nginx_hardening] (schurzi)
• fix: roles-readme action default value #​706 [ssh_hardening] (Nemental)
• fix some wrong defaults and types in the readmes #​703 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• update links to new Ansible Galaxy #​702 [nginx_hardening] (schurzi)
• Fix typo in login.defs.j2 #​700 [os_hardening] (nejch)
• chore(deps): update actions/checkout action to v4 #​696 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (renovate[bot])
• test debian12 on VM #​695 (rndmh3ro)
• fix descriptions in readme #​693 [os_hardening] (rndmh3ro)
• feat: customize user paths default #​692 [os_hardening] (S0obi)
• disable PAM tests #​691 [os_hardening] (rndmh3ro)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.