automation: Update devsec.hardening to version 8.5.0

This MR contains the following updates:

Package	Type	Update	Change
devsec.hardening (source)	galaxy-collection	minor	8.3.0 -> 8.5.0

---

Release Notes

dev-sec/ansible-collection-hardening

v8.5.0

Compare Source

Full Changelog

Implemented enhancements:

• Add support for /etc/auditd.conf num_logs to go with max_log_file_action #​616
• password ageing not enforced #​570
• Rewrite system account detection and hardening and create tests #​621 [os_hardening] [ssh_hardening] (rndmh3ro)
• Add support for /etc/auditd.conf num_logs to go with max_log_file_action #​617 [os_hardening] (richardlock)
• Preserve default ownership and dir mode for /var/log on Ubuntu #​615 [os_hardening] (stdtom)
• rewrite user home dir hardening #​584 [os_hardening] (DonEstefan)
• apply password age settings to exisiting regular users #​582 [os_hardening] (DonEstefan)
• Parametrize more auditd.conf options #​535 [os_hardening] (kravietz)

Fixed bugs:

• os_hardening is setting wrong ownership for /var/log on Ubuntu #​614
• [os_hardening] Task for setting initramfs modules does not match its condition #​590 [os_hardening]
• Support for Amazon Linux 2 #​624 [ssh_hardening] (mmitnyan)

Deprecated:

• deprecate rebuilding of initramfs #​618 [os_hardening] (rndmh3ro)

Closed issues:

• Ubuntu 22.04 vars file missing? #​619
• SSH KexAlgorithms causes SSH daemon to fail #​500
• Playbook won't run for hardening #​462

Merged pull requests:

• do not let dependabot label our prs #​626 (rndmh3ro)
• run linting only when files inside roles change #​625 (rndmh3ro)
• cancel running tests if new commit to branch is made #​622 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• Fixed problems with running molecule locally with cgroup v2 #​620 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)
• Bump actions/setup-python from 1 to 4 #​611 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (dependabot[bot])
• Bump creyD/prettier_action from 3.1 to 4.2 #​610 (dependabot[bot])
• linting #​603 [mysql_hardening] [os_hardening] [ssh_hardening] [nginx_hardening] (rndmh3ro)

v8.4.0

Compare Source

Full Changelog

Implemented enhancements:

• Implement Test for MySQL systemd service #​606
• Extended net hardening #​607 [os_hardening] (DonEstefan)
• Add OpenSUSE support #​605 [mysql_hardening] (rndmh3ro)
• Allow ssh_allow_tcp_forwarding to be a boolean #​600 [ssh_hardening] (crisbal)
• OpenBSD does not support GSSAPI Authentication #​598 [ssh_hardening] (dennisse)
• add Ansible specific templates for issues #​596 (schurzi)
• use github templates for new issues #​595 (schurzi)

Fixed bugs:

• os_auth_retries variable causes a comparison type error on pam tasks #​593
• ssh_hardening: Install selinux dependencies fails on Oracle Linux (RHEL) 9 #​585
• OpenBSD does not set distributiuon_major_version #​597 [ssh_hardening] (dennisse)

Merged pull requests:

• Check for github action updates daily #​609 (jlosito)
• add verify-task to check if mysql is running and enabled #​608 [mysql_hardening] (rndmh3ro)
• Updates handlers for new ansible syntax and deprecated options for legacy commands #​602 [os_hardening] (jsievertde)
• add notice to sign-off work to contributor guideline #​601 (schurzi)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.