- feature: make UID and GID_MIN configurable in login.defs
- feature: integrate chefspec
- improvement: linting
- improvement: only restart procps for sysctl when necessary
- improvement: cpu detection for lockdown profile
- bugfix: add missing ohai dependency for standalone installation
- bugfix: site location in Berkshelf
- improvement: extend support for chef-sysctl from 0.3.x-0.6.x
- improvement: fix linting to current rubocop (0.25)
- improvement: specified supported operating systems in metadata
- improvement: remove NTP from os-hardening. Configure it via upstream modules as needed. We might add an NTP hardening layer in the future.
- improvement: move /usr/bin/screen to SGID whitelisting
- improvement: changed the log_martians value to 0 in attributes/sysctl.rb
- bugfix: make sysctl arp restrictions apply to all devices
- improvement: unify linting and testing; includes huge improvements to style and test scope
- improvement: make kitchen run optional in guard, use export RUN_KITCHEN=true to enable it
- improvement: clarify SUID/SGID options in readme
- feature: remove some dangerous packages by default
- improvement: added contributor guideline
- bugfix: correctly enable sysrqs if desired
- bugfix: determine ipv6 forwarding from user forwarding + ipv6 configuration
- bugfix: determine ipv4 forwarding from user forwarding configuration
- imported hardening project and updated to current version with full test suite