Merge pull request #34 from dev-sec/remove_eol_os

remove eol'd OS and add new

Author: rndmh3ro

.kitchen.vagrant.yml

@@ -19,14 +19,30 @@ transport:
   max_ssh_sessions: 5
 
 platforms:
-- name: ubuntu-14.04
 - name: ubuntu-16.04
-- name: centos-6.8
-- name: centos-7.3
-- name: oracle-6.8
-- name: oracle-7.3
-- name: debian-7.11
-- name: debian-8.7
+  driver_config:
+    box: bento/ubuntu-16.04
+- name: ubuntu-18.04
+  driver_config:
+    box: bento/ubuntu-18.04
+- name: centos-6
+  driver_config:
+    box: bento/centos-6
+- name: centos-7
+  driver_config:
+    box: bento/centos-7
+- name: oracle-6
+  driver_config:
+    box: bento/oracle-6
+- name: oracle-7
+  driver_config:
+    box: bento/oracle-7
+- name: debian-9
+  driver_config:
+    box: bento/debian-9
+- name: amazon
+  driver_config:
+    box: bento/amazonlinux-2
 
 verifier:
   name: inspec

.kitchen.yml

@@ -39,39 +39,46 @@ platforms:
   driver:
     image: rndmh3ro/docker-oracle7-ansible:latest
     platform: centos
-- name: ubuntu1404-ansible-latest
-  driver:
-    image: rndmh3ro/docker-ubuntu1404-ansible:latest
-    platform: ubuntu
+    run_command: /sbin/init
+    provision_command:
+      - systemctl enable ssh.service
 - name: ubuntu1604-ansible-latest
   driver:
     image: rndmh3ro/docker-ubuntu1604-ansible:latest
     platform: ubuntu
-- name: debian7-ansible-latest
-  driver:
-    image: rndmh3ro/docker-debian7-ansible:latest
-    platform: debian
-    intermediate_instructions:
-    - RUN /usr/bin/apt-get update
-    - RUN /usr/bin/apt-get install -y procps
-- name: debian8-ansible-latest
+    run_command: /sbin/init
+- name: ubuntu1804-ansible-latest
   driver:
-    image: rndmh3ro/docker-debian8-ansible:latest
-    platform: debian
-    intermediate_instructions:
-    - RUN /usr/bin/apt-get update
-    - RUN /usr/bin/apt-get install -y procps
-    pid_one_command: /bin/systemd
+    image: rndmh3ro/docker-ubuntu1804-ansible:latest
+    platform: ubuntu
 - name: debian9-ansible-latest
   driver:
     image: rndmh3ro/docker-debian9-ansible:latest
     platform: debian
+    run_command: /sbin/init
+    provision_command:
+      - apt install -y systemd-sysv
+      - systemctl enable ssh.service
+- name: amazon-ansible-latest
+  driver:
+    image: rndmh3ro/docker-amazon-ansible:latest
+    platform: centos
+    run_command: /sbin/init
+#- name: amazon-ansible-latest
+#  driver:
+#    image: rndmh3ro/docker-amazon-ansible:latest
+#    platform: centos
+#    run_command: /sbin/init
+#    provision_command:
+#      - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
+#      - systemctl enable sshd.service
 
 verifier:
   name: inspec
   sudo: true
   inspec_tests:
-    - https://github.com/dev-sec/mysql-baseline
+     - ../mysql-baseline
+#    - https://github.com/dev-sec/mysql-baseline
 
 suites:
 - name: mysql

.travis.yml

@@ -28,25 +28,25 @@ env:
 #    init: /lib/systemd/systemd
 #    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 
-#  - distro: ubuntu1404
-#    version: latest
-#    run_opts: "--privileged"
-#    init: /sbin/init
-
-  - distro: debian7
+  - distro: ubuntu1804
     version: latest
-    run_opts: "--privileged"
-    init: /sbin/init
+    init: /lib/systemd/systemd
+    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 
-#  - distro: debian8
+#  - distro: debian9
 #    version: latest
-#    init: /bin/systemd
+#    init: /lib/systemd/systemd
 #    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 
- # - distro: debian9
- #   version: latest
- #   init: /lib/systemd/systemd
- #   run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
+  - distro: amazon
+    init: /lib/systemd/systemd
+    version: latest
+    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
+
+  - distro: fedora
+    init: /lib/systemd/systemd
+    version: latest
+    run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
 
 before_install:
   # Pull container
@@ -58,7 +58,7 @@ script:
   - 'docker run --detach --volume="${PWD}":/etc/ansible/roles/ansible-mysql-hardening:ro ${run_opts} rndmh3ro/docker-${distro}-ansible:${version} "${init}" > "${container_id}"'
 
   # Install ansible galaxy requirements
-  - 'docker exec "$(cat ${container_id})" ansible-galaxy install -r /etc/ansible/roles/ansible-mysql-hardening/requirements.yml -p /etc/ansible/roles/'
+  - 'docker exec "$(cat ${container_id})" ansible-galaxy install -c -r /etc/ansible/roles/ansible-mysql-hardening/requirements.yml -p /etc/ansible/roles/'
 
   # Test role.
   - 'travis_wait docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/ansible-mysql-hardening/default.yml'

meta/main.yml

@@ -12,13 +12,13 @@ galaxy_info:
         - 7
     - name: Ubuntu
       versions:
-        - precise
-        - trusty
         - xenial
+        - bionic
     - name: Debian
       versions:
-        - wheezy
         - jessie
+    - name: Amazon
+    - name: Fedora
   galaxy_tags:
     - system
     - security

vars/Fedora.yml

@@ -0,0 +1,3 @@
+mysql_daemon: mysqld
+mysql_hardening_mysql_conf_file: '/etc/my.cnf'
+mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'