2.8.1 (2024-08-21)
Implemented enhancements:
Closed issues:
- Update detection of applicable ciphers/kex/mac to use OpenSSH version instead of OS version #205
Merged pull requests:
- ensure compatibility with new inspec version #215 (schurzi)
- add spellchecking with codespell #214 (schurzi)
- Configure Renovate #213 (renovate[bot])
- extend BSD Support #212 (schurzi)
- simplify crypto library #209 (rndmh3ro)
2.8.0 (2022-09-29)
Implemented enhancements:
Merged pull requests:
- fix detection for centos stream #208 (rndmh3ro)
- add more support for debian 11 #206 (rndmh3ro)
- Change linting to Cookstyle #203 (schurzi)
2.7.0 (2022-01-12)
Implemented enhancements:
Closed issues:
- Add support for AlmaLinux #200
Merged pull requests:
- use input instead of attribute #201 (micheelengronne)
- add support for Rocky Linux #198 (schurzi)
- fix rubocop error for Rakefile #195 (schurzi)
- add dependency to chef-config for CI #194 (schurzi)
- Added OpenSSH 8.5/8.5p1 KexAlgorithms Support #192 (lonkey)
- use version tag for changelog action #191 (schurzi)
- GitHub action #189 (rndmh3ro)
2.6.3 (2021-01-20)
Merged pull requests:
- add control for small RSA HostKey #188 (schurzi)
- Change "Disable IgnoreRhosts" to "Enable IgnoreRhosts" #187 (JosephDillon)
2.6.2 (2021-01-12)
Implemented enhancements:
Merged pull requests:
2.6.1 (2020-12-16)
Closed issues:
- Ubuntu 20.04 fails #183
Merged pull requests:
2.6.0 (2020-08-22)
Implemented enhancements:
Closed issues:
- undefined method `match?' for nil:NilClass - CentOs 7 #179
2.5.14 (2020-08-07)
Merged pull requests:
2.5.13 (2020-07-23)
Merged pull requests:
- The release draft references the correct SHA #178 (micheelengronne)
2.5.12 (2020-07-22)
Merged pull requests:
2.5.11 (2020-07-16)
Implemented enhancements:
2.5.10 (2020-07-16)
Implemented enhancements:
2.5.9 (2020-07-04)
Merged pull requests:
- ssh host keys in a specific directory #174 (micheelengronne)
2.5.8 (2020-06-18)
Implemented enhancements:
Closed issues:
- Support KEX for OpenSSH 8.0+ & quantum resistant KEX #144
2.5.7 (2020-05-25)
Merged pull requests:
2.5.6 (2020-05-20)
Closed issues:
- PR #163 leads to failing sshd-14 check #169
Merged pull requests:
- ListenAddress should exist #165 (micheelengronne)
2.5.5 (2020-05-20)
Closed issues:
- Create release workflow #156
Merged pull requests:
- Use inspec.input to load the attribute #168 (micheelengronne)
2.5.4 (2020-05-19)
Merged pull requests:
- CHANGELOG for RELEASE done before the push to avoid breaking #167 (micheelengronne)
- sshd custom port #164 (micheelengronne)
- custom path for hostkeys #163 (micheelengronne)
2.5.3 (2020-05-19)
Merged pull requests:
- release trigger #166 (micheelengronne)
2.5.2 (2020-05-19)
Merged pull requests:
- changelog only triggered when release #162 (micheelengronne)
- sshd_config custom path #161 (micheelengronne)
- Continuously updated changelog #160 (micheelengronne)
2.5.1 (2020-05-18)
Merged pull requests:
- Align versions everywhere in the project #159 (micheelengronne)
2.5.0 (2020-05-18)
Closed issues:
- Mozilla OpenSSH Guidelines #150
- Test SSHD running as another user #149
- New release #147
- Test for sha2 HMACs on RHEL 6 / CentOS 6 #145
- max_auth_tries is a string not numeric #139
- MaxAuthTries - Citation(s) for baseline choice. #137
Merged pull requests:
- API rate limiter debug #158 (micheelengronne)
- Release github workflow #157 (micheelengronne)
- In a container, sshd should not run as root #152 (micheelengronne)
- ubuntu versions #151 (micheelengronne)
- Use SHA2 HMACs in OpenSSH for RHEL family 6.5+ #146 (foonix)
- Support of CentOS 8 #143 (artem-sidorenko)
- Move attribute to spec as local var #142 (kiwivogel)
- Fix deprecations #141 (kiwivogel)
- Issue 139 - Use cmp instead of be matcher to allow string matching #140 (chbiel)
- Issue 137 - MaxAuthTries Parameter. #138 (monobaila)
- Debian 10 has Openssh 7.9 with deprecated UsePrivilegeSeparation #135 (artem-sidorenko)
- Debian 10 support for ciphers, kex, macs #134 (artem-sidorenko)
2.4.1 (2019-05-16)
Merged pull requests:
2.4.0 (2019-02-25)
Closed issues:
- need to account for sshd version when checking UseRoaming in
ssh_config
#121 - profile fails inspec check #101
- Deprecated option #95
Merged pull requests:
- 2.4.0 #124 (chris-rock)
- Allow prohibit-password as PermitRootLogin value #123 (jeremy-clerc)
- UseRoaming is deprecated, only check on older versions #122 (rndmh3ro)
- Fix os detection #120 (IceBear2k)
- Update issue templates #118 (rndmh3ro)
- Fixup of UsePrivilegeSeparation deprecation for Amazon #117 (artem-sidorenko)
- Deprecated UsePrivilegeSeparation for Fedora/Amazon #116 (artem-sidorenko)
- UseLogin is deprecated #114 (artem-sidorenko)
- Add separate PrivilegeSeparation check for Ubuntu 1804 #113 (rndmh3ro)
- allow some customization of expected values depending on attributes #112 (juju4)
- Avoid checking deprecated optinos for OpenSSH >=7.6 #110 (artem-sidorenko)
- Avoid failing on EL 6 family and OpenSuse Leap 42 #109 (artem-sidorenko)
- add debian 9 support #106 (rndmh3ro)
- adding ubuntu bionic support #104 (attachmentgenie)
- Initial support for Alpine Linux #102 (radhus)
2.3.2 (2018-04-20)
Merged pull requests:
2.3.1 (2018-02-13)
Closed issues:
- No git tag for 2.3.0 #96
Merged pull requests:
- Modified the client_alive_interval default to suggested value #98 (iennae)
- Support Amazon Linux #97 (woneill)
2.3.0 (2017-12-01)
Closed issues:
- OpenSSH 7.6 deprecated MACs #93
Merged pull requests:
- remove ripemd160 MAC from the macs66 list #94 (atomic111)
- use recommended spdx license identifier #90 (chris-rock)
- CI: update to ruby 2.4.1 and rubocop 0.49 #89 (artem-sidorenko)
- Support of OpenSuse Leap 42.2 #88 (artem-sidorenko)
2.2.0 (2017-05-08)
Merged pull requests:
- update copyright name #87 (chris-rock)
- update metadata #86 (chris-rock)
- restrict ruby testing to version 2.3.3 and update gemfile #85 (atomic111)
- Proper tests for Opensuse leap 42.1 #84 (artem-sidorenko)
- Fix check for os.darwin #83 (techraf)
- Add openssh definitions for macos #82 (artem-sidorenko)
- Add support for oracle #80 (artem-sidorenko)
- Algorithm/Hostkey tests for different platforms #79 (artem-sidorenko)
- Test the strong DH primes #77 (artem-sidorenko)
- Removal of DSA key #76 (artem-sidorenko)
- Ignore inspec.lock file #73 (techraf)
- Remove the PAM deactivation enforcement #72 (artem-sidorenko)
2.1.1 (2016-12-22)
Closed issues:
- Compare ciphers as array? #70
- Error performing inspec exec https://github.com/dev-sec/tests-ssh-hardening #66
Merged pull requests:
- update profile metadata & tooling #71 (chris-rock)
- update Gemfile and remove ruby 1.9.3 support #69 (arlimus)
- Test server config for Banner and DebianBanner #67 (tsenart)
- pin rack version #65 (chris-rock)
- rename sshd-30 #64 (attachmentgenie)
- Fixing inspec tests for ubuntu hosts #63 (attachmentgenie)
2.1.0 (2016-07-27)
Closed issues:
- ListenAddress #45
Merged pull requests:
- Use new ciphers, kex, macs and priv separation sandbox for redhat family 7 #62 (atomic111)
- Fixing typo in sshd_spec.rb #61 (brimstone)
- Fix: Issue ListenAddress #45 (#45) and added check for SSH Client Bug CVE-2016-0777 and CVE-2016-0778 #60 (atomic111)
- changed from hardening-io to dev-sec in README.md and added ubuntu and centos version to ssh_crypto.rb #59 (atomic111)
2.0.0 (2016-04-28)
Fixed bugs:
- bugfix: use new inspec load mechanism #58 (chris-rock)
Merged pull requests:
- migrate to InSpec profile #56 (chris-rock)
1.2.0 (2016-04-25)
Closed issues:
- No easy way to install Ansible on all OS's #47
Merged pull requests:
- 1.2.0 #57 (chris-rock)
- Symlinks real suite names to "default" #55 (conorsch)
- complete inspec tests #52 (atomic111)
1.1.1 (2015-01-14)
1.1.0 (2015-01-12)
Closed issues:
- undefined method `backend' for main:Object #32
Merged pull requests:
- bugfix: lint error #29 (chris-rock)
1.0.0 (2014-08-13)
Closed issues:
- HostKeys and OSes #13
- Comment-tests causing false-positives #5
- Unify required crypto for ssh server and client #4
- Add testing of ssh client config #3
Merged pull requests:
- bugfix: unlock user accounts during chef runs #28 (arlimus)
- test for UsePAM disabled #27 (arlimus)
- bugfix sed command location #26 (arlimus)
- Fix puppet user unlock #25 (arlimus)
- bugfix: unlock user accounts on test systems #24 (arlimus)
- Fix matches #23 (arlimus)
- update and fix rubocop #22 (ehaselwanter)
- common validator for client and server config #21 (chris-rock)
- add robocop rake task #20 (chris-rock)
- add ruby gem source #19 (chris-rock)
- added Telekom Security Requirement numbers to the corresponding kitchen test #18 (atomic111)
- add tests for debian 6 and 7 #17 (arlimus)
- add format html option #16 (ehaselwanter)
- remove host keys from checks #15 (arlimus)
- make the integration tests even more useful with standalone invocation #14 (ehaselwanter)
- Tests update #12 (arlimus)
- relax permissions on /etc/ssh and files #11 (arlimus)
- add lockfiles and delete them from tree #9 (ehaselwanter)
- streamline rubocop, fix issue which comes with this change #8 (ehaselwanter)
- rubocop fixes #7 (ehaselwanter)
- use a per suite manifest #6 (ehaselwanter)
- changed AllowTcpForwarding and AllowAgentForwarding from yes to no #2 (atomic111)
- move the ssh tests to this new central location #1 (ehaselwanter)
* This Changelog was automatically generated by github_changelog_generator