Skip to content

Commit b22bd27

Browse files
author
dev-sec CI
committed
update inspec.yml and changelog
1 parent 0cf9a2c commit b22bd27

File tree

2 files changed

+4
-242
lines changed

2 files changed

+4
-242
lines changed

CHANGELOG.md

Lines changed: 3 additions & 241 deletions
Original file line numberDiff line numberDiff line change
@@ -1,253 +1,15 @@
11
# Changelog
22

3-
## [Unreleased](https://github.com/dev-sec/ssh-baseline/tree/HEAD)
3+
## [2.5.2](https://github.com/dev-sec/ssh-baseline/tree/2.5.2) (2020-05-19)
44

5-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/2.5.1...HEAD)
5+
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/2.5.1...2.5.2)
66

77
**Merged pull requests:**
88

9+
- changelog only triggered when release [\#162](https://github.com/dev-sec/ssh-baseline/pull/162) ([micheelengronne](https://github.com/micheelengronne))
910
- sshd\_config custom path [\#161](https://github.com/dev-sec/ssh-baseline/pull/161) ([micheelengronne](https://github.com/micheelengronne))
1011
- Continously updated changelog [\#160](https://github.com/dev-sec/ssh-baseline/pull/160) ([micheelengronne](https://github.com/micheelengronne))
1112

12-
## [2.5.1](https://github.com/dev-sec/ssh-baseline/tree/2.5.1) (2020-05-18)
13-
14-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/2.5.0...2.5.1)
15-
16-
**Merged pull requests:**
17-
18-
- Align versions everywhere in the project [\#159](https://github.com/dev-sec/ssh-baseline/pull/159) ([micheelengronne](https://github.com/micheelengronne))
19-
20-
## [2.5.0](https://github.com/dev-sec/ssh-baseline/tree/2.5.0) (2020-05-18)
21-
22-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/2.4.1...2.5.0)
23-
24-
**Closed issues:**
25-
26-
- Mozilla OpenSSH Guidelines [\#150](https://github.com/dev-sec/ssh-baseline/issues/150)
27-
- Test SSHD running as another user [\#149](https://github.com/dev-sec/ssh-baseline/issues/149)
28-
- New release [\#147](https://github.com/dev-sec/ssh-baseline/issues/147)
29-
- Test for sha2 HMACs on RHEL 6 / CentOS 6 [\#145](https://github.com/dev-sec/ssh-baseline/issues/145)
30-
- max\_auth\_tries is a string not numeric [\#139](https://github.com/dev-sec/ssh-baseline/issues/139)
31-
- MaxAuthTries - Citation\(s\) for baseline choice. [\#137](https://github.com/dev-sec/ssh-baseline/issues/137)
32-
33-
**Merged pull requests:**
34-
35-
- API rate limiter debug [\#158](https://github.com/dev-sec/ssh-baseline/pull/158) ([micheelengronne](https://github.com/micheelengronne))
36-
- Release github workflow [\#157](https://github.com/dev-sec/ssh-baseline/pull/157) ([micheelengronne](https://github.com/micheelengronne))
37-
- In a container, sshd should not run as root [\#152](https://github.com/dev-sec/ssh-baseline/pull/152) ([micheelengronne](https://github.com/micheelengronne))
38-
- ubuntu versions [\#151](https://github.com/dev-sec/ssh-baseline/pull/151) ([micheelengronne](https://github.com/micheelengronne))
39-
- Use SHA2 HMACs in OpenSSH for RHEL family 6.5+ [\#146](https://github.com/dev-sec/ssh-baseline/pull/146) ([foonix](https://github.com/foonix))
40-
- Support of CentOS 8 [\#143](https://github.com/dev-sec/ssh-baseline/pull/143) ([artem-sidorenko](https://github.com/artem-sidorenko))
41-
- Move atribute to spec as local var [\#142](https://github.com/dev-sec/ssh-baseline/pull/142) ([kiwivogel](https://github.com/kiwivogel))
42-
- Fix deprecations [\#141](https://github.com/dev-sec/ssh-baseline/pull/141) ([kiwivogel](https://github.com/kiwivogel))
43-
- Issue 139 - Use cmp instead of be matcher to allow string matching [\#140](https://github.com/dev-sec/ssh-baseline/pull/140) ([chbiel](https://github.com/chbiel))
44-
- Issue 137 - MaxAuthTries Parameter. [\#138](https://github.com/dev-sec/ssh-baseline/pull/138) ([monobaila](https://github.com/monobaila))
45-
- Debian 10 has Openssh 7.9 with deperecated UsePrivilegeSeparation [\#135](https://github.com/dev-sec/ssh-baseline/pull/135) ([artem-sidorenko](https://github.com/artem-sidorenko))
46-
- Debian 10 support for ciphers, kex, macs [\#134](https://github.com/dev-sec/ssh-baseline/pull/134) ([artem-sidorenko](https://github.com/artem-sidorenko))
47-
48-
## [2.4.1](https://github.com/dev-sec/ssh-baseline/tree/2.4.1) (2019-05-16)
49-
50-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/2.4.0...2.4.1)
51-
52-
**Merged pull requests:**
53-
54-
- Bump version to 2.4.1 and switch to inspec 3 for check [\#131](https://github.com/dev-sec/ssh-baseline/pull/131) ([alexpop](https://github.com/alexpop))
55-
56-
## [2.4.0](https://github.com/dev-sec/ssh-baseline/tree/2.4.0) (2019-02-25)
57-
58-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/2.3.2...2.4.0)
59-
60-
**Closed issues:**
61-
62-
- need to account for sshd version when checking UseRoaming in `ssh\_config` [\#121](https://github.com/dev-sec/ssh-baseline/issues/121)
63-
- profile fails inspec check [\#101](https://github.com/dev-sec/ssh-baseline/issues/101)
64-
- Deprecated option [\#95](https://github.com/dev-sec/ssh-baseline/issues/95)
65-
66-
**Merged pull requests:**
67-
68-
- 2.4.0 [\#124](https://github.com/dev-sec/ssh-baseline/pull/124) ([chris-rock](https://github.com/chris-rock))
69-
- Allow prohibit-password as PermitRootLogin value [\#123](https://github.com/dev-sec/ssh-baseline/pull/123) ([jeremy-clerc](https://github.com/jeremy-clerc))
70-
- UseRoaming is deprecated, only check on older versions [\#122](https://github.com/dev-sec/ssh-baseline/pull/122) ([rndmh3ro](https://github.com/rndmh3ro))
71-
- Fix os detection [\#120](https://github.com/dev-sec/ssh-baseline/pull/120) ([IceBear2k](https://github.com/IceBear2k))
72-
- Update issue templates [\#118](https://github.com/dev-sec/ssh-baseline/pull/118) ([rndmh3ro](https://github.com/rndmh3ro))
73-
- Fixup of UsePrivilegeSeparation deprecation for Amazon [\#117](https://github.com/dev-sec/ssh-baseline/pull/117) ([artem-sidorenko](https://github.com/artem-sidorenko))
74-
- Deprecated UsePrivilegeSeparation for Fedora/Amazon [\#116](https://github.com/dev-sec/ssh-baseline/pull/116) ([artem-sidorenko](https://github.com/artem-sidorenko))
75-
- UseLogin is deprecated [\#114](https://github.com/dev-sec/ssh-baseline/pull/114) ([artem-sidorenko](https://github.com/artem-sidorenko))
76-
- Add separate PrivilegeSeparation check for Ubuntu 1804 [\#113](https://github.com/dev-sec/ssh-baseline/pull/113) ([rndmh3ro](https://github.com/rndmh3ro))
77-
- allow some customization of expected values depending on attributes [\#112](https://github.com/dev-sec/ssh-baseline/pull/112) ([juju4](https://github.com/juju4))
78-
- Avoid checking deprecated optinos for OpenSSH \>=7.6 [\#110](https://github.com/dev-sec/ssh-baseline/pull/110) ([artem-sidorenko](https://github.com/artem-sidorenko))
79-
- Avoid failing on EL 6 family and OpenSuse Leap 42 [\#109](https://github.com/dev-sec/ssh-baseline/pull/109) ([artem-sidorenko](https://github.com/artem-sidorenko))
80-
- add debian 9 support [\#106](https://github.com/dev-sec/ssh-baseline/pull/106) ([rndmh3ro](https://github.com/rndmh3ro))
81-
- adding ubuntu bionic support [\#104](https://github.com/dev-sec/ssh-baseline/pull/104) ([attachmentgenie](https://github.com/attachmentgenie))
82-
- Initial support for Alpine Linux [\#102](https://github.com/dev-sec/ssh-baseline/pull/102) ([radhus](https://github.com/radhus))
83-
84-
## [2.3.2](https://github.com/dev-sec/ssh-baseline/tree/2.3.2) (2018-04-20)
85-
86-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/2.3.1...2.3.2)
87-
88-
**Merged pull requests:**
89-
90-
- Fix bogus success of sshd-47 on non Debian [\#100](https://github.com/dev-sec/ssh-baseline/pull/100) ([eramoto](https://github.com/eramoto))
91-
92-
## [2.3.1](https://github.com/dev-sec/ssh-baseline/tree/2.3.1) (2018-02-13)
93-
94-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/2.3.0...2.3.1)
95-
96-
**Closed issues:**
97-
98-
- No git tag for 2.3.0 [\#96](https://github.com/dev-sec/ssh-baseline/issues/96)
99-
100-
**Merged pull requests:**
101-
102-
- Modified the client\_alive\_interval default to suggested value [\#98](https://github.com/dev-sec/ssh-baseline/pull/98) ([iennae](https://github.com/iennae))
103-
- Support Amazon Linux [\#97](https://github.com/dev-sec/ssh-baseline/pull/97) ([woneill](https://github.com/woneill))
104-
105-
## [2.3.0](https://github.com/dev-sec/ssh-baseline/tree/2.3.0) (2017-12-01)
106-
107-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/2.2.0...2.3.0)
108-
109-
**Closed issues:**
110-
111-
- OpenSSH 7.6 deprecated MACs [\#93](https://github.com/dev-sec/ssh-baseline/issues/93)
112-
113-
**Merged pull requests:**
114-
115-
- remove ripemd160 MAC from the macs66 list [\#94](https://github.com/dev-sec/ssh-baseline/pull/94) ([atomic111](https://github.com/atomic111))
116-
- use recommended spdx license identifier [\#90](https://github.com/dev-sec/ssh-baseline/pull/90) ([chris-rock](https://github.com/chris-rock))
117-
- CI: update to ruby 2.4.1 and rubocop 0.49 [\#89](https://github.com/dev-sec/ssh-baseline/pull/89) ([artem-sidorenko](https://github.com/artem-sidorenko))
118-
- Support of OpenSuse Leap 42.2 [\#88](https://github.com/dev-sec/ssh-baseline/pull/88) ([artem-sidorenko](https://github.com/artem-sidorenko))
119-
120-
## [2.2.0](https://github.com/dev-sec/ssh-baseline/tree/2.2.0) (2017-05-08)
121-
122-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/2.1.1...2.2.0)
123-
124-
**Merged pull requests:**
125-
126-
- update copyright name [\#87](https://github.com/dev-sec/ssh-baseline/pull/87) ([chris-rock](https://github.com/chris-rock))
127-
- update metadata [\#86](https://github.com/dev-sec/ssh-baseline/pull/86) ([chris-rock](https://github.com/chris-rock))
128-
- restrict ruby testing to version 2.3.3 and update gemfile [\#85](https://github.com/dev-sec/ssh-baseline/pull/85) ([atomic111](https://github.com/atomic111))
129-
- Proper tests for Opensuse leap 42.1 [\#84](https://github.com/dev-sec/ssh-baseline/pull/84) ([artem-sidorenko](https://github.com/artem-sidorenko))
130-
- Fix check for os.darwin [\#83](https://github.com/dev-sec/ssh-baseline/pull/83) ([techraf](https://github.com/techraf))
131-
- Add openssh definitions for macos [\#82](https://github.com/dev-sec/ssh-baseline/pull/82) ([artem-sidorenko](https://github.com/artem-sidorenko))
132-
- Add support for oracle [\#80](https://github.com/dev-sec/ssh-baseline/pull/80) ([artem-sidorenko](https://github.com/artem-sidorenko))
133-
- Algorithm/Hostkey tests for different platforms [\#79](https://github.com/dev-sec/ssh-baseline/pull/79) ([artem-sidorenko](https://github.com/artem-sidorenko))
134-
- Test the strong DH primes [\#77](https://github.com/dev-sec/ssh-baseline/pull/77) ([artem-sidorenko](https://github.com/artem-sidorenko))
135-
- Removal of DSA key [\#76](https://github.com/dev-sec/ssh-baseline/pull/76) ([artem-sidorenko](https://github.com/artem-sidorenko))
136-
- Ignore inspec.lock file [\#73](https://github.com/dev-sec/ssh-baseline/pull/73) ([techraf](https://github.com/techraf))
137-
- Remove the PAM deactivation enforcement [\#72](https://github.com/dev-sec/ssh-baseline/pull/72) ([artem-sidorenko](https://github.com/artem-sidorenko))
138-
139-
## [2.1.1](https://github.com/dev-sec/ssh-baseline/tree/2.1.1) (2016-12-22)
140-
141-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/2.1.0...2.1.1)
142-
143-
**Closed issues:**
144-
145-
- Compare ciphers as array? [\#70](https://github.com/dev-sec/ssh-baseline/issues/70)
146-
- Error performing inspec exec https://github.com/dev-sec/tests-ssh-hardening [\#66](https://github.com/dev-sec/ssh-baseline/issues/66)
147-
148-
**Merged pull requests:**
149-
150-
- update profile metadata & tooling [\#71](https://github.com/dev-sec/ssh-baseline/pull/71) ([chris-rock](https://github.com/chris-rock))
151-
- update Gemfile and remove ruby 1.9.3 support [\#69](https://github.com/dev-sec/ssh-baseline/pull/69) ([arlimus](https://github.com/arlimus))
152-
- Test server config for Banner and DebianBanner [\#67](https://github.com/dev-sec/ssh-baseline/pull/67) ([tsenart](https://github.com/tsenart))
153-
- pin rack version [\#65](https://github.com/dev-sec/ssh-baseline/pull/65) ([chris-rock](https://github.com/chris-rock))
154-
- rename sshd-30 [\#64](https://github.com/dev-sec/ssh-baseline/pull/64) ([attachmentgenie](https://github.com/attachmentgenie))
155-
- Fixing inspec tests for ubuntu hosts [\#63](https://github.com/dev-sec/ssh-baseline/pull/63) ([attachmentgenie](https://github.com/attachmentgenie))
156-
157-
## [2.1.0](https://github.com/dev-sec/ssh-baseline/tree/2.1.0) (2016-07-27)
158-
159-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/2.0.0...2.1.0)
160-
161-
**Closed issues:**
162-
163-
- ListenAddress [\#45](https://github.com/dev-sec/ssh-baseline/issues/45)
164-
165-
**Merged pull requests:**
166-
167-
- Use new ciphers, kex, macs and priv separation sandbox for redhat family 7 [\#62](https://github.com/dev-sec/ssh-baseline/pull/62) ([atomic111](https://github.com/atomic111))
168-
- Fixing typo in sshd\_spec.rb [\#61](https://github.com/dev-sec/ssh-baseline/pull/61) ([brimstone](https://github.com/brimstone))
169-
- Fix: Issue ListenAddress \#45 \(\#45\) and added check for SSH Client Bug CVE-2016-0777 and CVE-2016-0778 [\#60](https://github.com/dev-sec/ssh-baseline/pull/60) ([atomic111](https://github.com/atomic111))
170-
- changed from hardening-io to dev-sec in README.md and added ubuntu and centos version to ssh\_crypto.rb [\#59](https://github.com/dev-sec/ssh-baseline/pull/59) ([atomic111](https://github.com/atomic111))
171-
172-
## [2.0.0](https://github.com/dev-sec/ssh-baseline/tree/2.0.0) (2016-04-28)
173-
174-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/1.2.0...2.0.0)
175-
176-
**Fixed bugs:**
177-
178-
- bugfix: use new inspec load mechanism [\#58](https://github.com/dev-sec/ssh-baseline/pull/58) ([chris-rock](https://github.com/chris-rock))
179-
180-
**Merged pull requests:**
181-
182-
- migrate to InSpec profile [\#56](https://github.com/dev-sec/ssh-baseline/pull/56) ([chris-rock](https://github.com/chris-rock))
183-
184-
## [1.2.0](https://github.com/dev-sec/ssh-baseline/tree/1.2.0) (2016-04-25)
185-
186-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/1.1.1...1.2.0)
187-
188-
**Closed issues:**
189-
190-
- No easy way to install Ansible on all OS's [\#47](https://github.com/dev-sec/ssh-baseline/issues/47)
191-
192-
**Merged pull requests:**
193-
194-
- 1.2.0 [\#57](https://github.com/dev-sec/ssh-baseline/pull/57) ([chris-rock](https://github.com/chris-rock))
195-
- Symlinks real suite names to "default" [\#55](https://github.com/dev-sec/ssh-baseline/pull/55) ([conorsch](https://github.com/conorsch))
196-
- complet inspec tests [\#52](https://github.com/dev-sec/ssh-baseline/pull/52) ([atomic111](https://github.com/atomic111))
197-
198-
## [1.1.1](https://github.com/dev-sec/ssh-baseline/tree/1.1.1) (2015-01-14)
199-
200-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/1.1.0...1.1.1)
201-
202-
## [1.1.0](https://github.com/dev-sec/ssh-baseline/tree/1.1.0) (2015-01-12)
203-
204-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/1.0.0...1.1.0)
205-
206-
**Closed issues:**
207-
208-
- undefined method `backend' for main:Object [\#32](https://github.com/dev-sec/ssh-baseline/issues/32)
209-
210-
**Merged pull requests:**
211-
212-
- bugfix: lint error [\#29](https://github.com/dev-sec/ssh-baseline/pull/29) ([chris-rock](https://github.com/chris-rock))
213-
214-
## [1.0.0](https://github.com/dev-sec/ssh-baseline/tree/1.0.0) (2014-08-13)
215-
216-
[Full Changelog](https://github.com/dev-sec/ssh-baseline/compare/dd756df8ed36e73384789da88353405998bc134b...1.0.0)
217-
218-
**Closed issues:**
219-
220-
- HostKeys and OSes [\#13](https://github.com/dev-sec/ssh-baseline/issues/13)
221-
- Comment-tests causing false-positives [\#5](https://github.com/dev-sec/ssh-baseline/issues/5)
222-
- Unify required crypto for ssh server and client [\#4](https://github.com/dev-sec/ssh-baseline/issues/4)
223-
- Add testing of ssh client config [\#3](https://github.com/dev-sec/ssh-baseline/issues/3)
224-
225-
**Merged pull requests:**
226-
227-
- bugfix: unlock user accounts during chef runs [\#28](https://github.com/dev-sec/ssh-baseline/pull/28) ([arlimus](https://github.com/arlimus))
228-
- test for UsePAM disabled [\#27](https://github.com/dev-sec/ssh-baseline/pull/27) ([arlimus](https://github.com/arlimus))
229-
- bugfix sed command location [\#26](https://github.com/dev-sec/ssh-baseline/pull/26) ([arlimus](https://github.com/arlimus))
230-
- Fix puppet user unlock [\#25](https://github.com/dev-sec/ssh-baseline/pull/25) ([arlimus](https://github.com/arlimus))
231-
- bugfix: unlock user accounts on test systems [\#24](https://github.com/dev-sec/ssh-baseline/pull/24) ([arlimus](https://github.com/arlimus))
232-
- Fix matches [\#23](https://github.com/dev-sec/ssh-baseline/pull/23) ([arlimus](https://github.com/arlimus))
233-
- update and fix rubocop [\#22](https://github.com/dev-sec/ssh-baseline/pull/22) ([ehaselwanter](https://github.com/ehaselwanter))
234-
- common validator for client and server config [\#21](https://github.com/dev-sec/ssh-baseline/pull/21) ([chris-rock](https://github.com/chris-rock))
235-
- add robocop rake task [\#20](https://github.com/dev-sec/ssh-baseline/pull/20) ([chris-rock](https://github.com/chris-rock))
236-
- add ruby gem source [\#19](https://github.com/dev-sec/ssh-baseline/pull/19) ([chris-rock](https://github.com/chris-rock))
237-
- added Telekom Security Requirement numbers to the corresponding kitchen test [\#18](https://github.com/dev-sec/ssh-baseline/pull/18) ([atomic111](https://github.com/atomic111))
238-
- add tests for debian 6 and 7 [\#17](https://github.com/dev-sec/ssh-baseline/pull/17) ([arlimus](https://github.com/arlimus))
239-
- add format html option [\#16](https://github.com/dev-sec/ssh-baseline/pull/16) ([ehaselwanter](https://github.com/ehaselwanter))
240-
- remove host keys from checks [\#15](https://github.com/dev-sec/ssh-baseline/pull/15) ([arlimus](https://github.com/arlimus))
241-
- make the integration tests even more useful with standalone invocation [\#14](https://github.com/dev-sec/ssh-baseline/pull/14) ([ehaselwanter](https://github.com/ehaselwanter))
242-
- Tests update [\#12](https://github.com/dev-sec/ssh-baseline/pull/12) ([arlimus](https://github.com/arlimus))
243-
- relax permissions on /etc/ssh and files [\#11](https://github.com/dev-sec/ssh-baseline/pull/11) ([arlimus](https://github.com/arlimus))
244-
- add lockfiles and delete them from tree [\#9](https://github.com/dev-sec/ssh-baseline/pull/9) ([ehaselwanter](https://github.com/ehaselwanter))
245-
- streamline rubocop, fix issue which comes with this change [\#8](https://github.com/dev-sec/ssh-baseline/pull/8) ([ehaselwanter](https://github.com/ehaselwanter))
246-
- rubocop fixes [\#7](https://github.com/dev-sec/ssh-baseline/pull/7) ([ehaselwanter](https://github.com/ehaselwanter))
247-
- use a per suite manifest [\#6](https://github.com/dev-sec/ssh-baseline/pull/6) ([ehaselwanter](https://github.com/ehaselwanter))
248-
- changed AllowTcpForwarding and AllowAgentForwarding from yes to no [\#2](https://github.com/dev-sec/ssh-baseline/pull/2) ([atomic111](https://github.com/atomic111))
249-
- move the ssh tests to this new central location [\#1](https://github.com/dev-sec/ssh-baseline/pull/1) ([ehaselwanter](https://github.com/ehaselwanter))
250-
25113

25214

25315
\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

inspec.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,6 @@ copyright: DevSec Hardening Framework Team
66
copyright_email: hello@dev-sec.io
77
license: Apache-2.0
88
summary: Test-suite for best-practice SSH hardening
9-
version: 2.5.1
9+
version: 2.5.2
1010
supports:
1111
- os-family: unix

0 commit comments

Comments
 (0)