Prepare module for v2.0.0

Implement github-changelog-generator (parameters in Rakefile should be changed after this release) Bump version to 2.0.0 Signed-off-by: Michael Geiger <[email protected]>
mungo312 · Dec 19, 2017 · b7feb6e · b7feb6e
1 parent c5f487f
commit b7feb6e
Show file tree

Hide file tree

Showing 5 changed files with 134 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,52 @@
-# Changelog
+# Change Log
+
+## [2.0.0](https://github.com/dev-sec/puppet-os-hardening/tree/2.0.0) (2017-12-19)
+[Full Changelog](https://github.com/dev-sec/puppet-os-hardening/compare/1.1.2...2.0.0)
+
+**Closed issues:**
+
+- SLES and OEL errors when ipv6 is disabled [\#82](https://github.com/dev-sec/puppet-os-hardening/issues/82)
+- Failed to generate additional resources [\#75](https://github.com/dev-sec/puppet-os-hardening/issues/75)
+- Multiple conflicts with Puppet Enterprise [\#74](https://github.com/dev-sec/puppet-os-hardening/issues/74)
+- Conflict with Puppet Enterprise 2016.1.1 [\#71](https://github.com/dev-sec/puppet-os-hardening/issues/71)
+- allow\_core\_dump set to true still ends up setting /etc/security/limits.d/10.hardcore.conf and /etc/profile.d/pinerolo\_profile.sh files [\#68](https://github.com/dev-sec/puppet-os-hardening/issues/68)
+- IPv6 setting problem [\#67](https://github.com/dev-sec/puppet-os-hardening/issues/67)
+- Log martian packets [\#66](https://github.com/dev-sec/puppet-os-hardening/issues/66)
+- Merge \#64 [\#65](https://github.com/dev-sec/puppet-os-hardening/issues/65)
+- net.ipv6.conf.default.accept\_ra [\#56](https://github.com/dev-sec/puppet-os-hardening/issues/56)
+
+**Merged pull requests:**
+
+- Update links + contributors in README [\#108](https://github.com/dev-sec/puppet-os-hardening/pull/108) ([mcgege](https://github.com/mcgege))
+- Avoid picking up users retrieved from SSSD or other domain services. [\#101](https://github.com/dev-sec/puppet-os-hardening/pull/101) ([tprobinson](https://github.com/tprobinson))
+- Implement linux-baseline os-10 [\#100](https://github.com/dev-sec/puppet-os-hardening/pull/100) ([mcgege](https://github.com/mcgege))
+- Style Guide corrections [\#98](https://github.com/dev-sec/puppet-os-hardening/pull/98) ([mcgege](https://github.com/mcgege))
+- Update module metadata [\#97](https://github.com/dev-sec/puppet-os-hardening/pull/97) ([mcgege](https://github.com/mcgege))
+- Baseline sysctl-17: Enable logging of martian packets [\#96](https://github.com/dev-sec/puppet-os-hardening/pull/96) ([mcgege](https://github.com/mcgege))
+- One single coredump parameter [\#95](https://github.com/dev-sec/puppet-os-hardening/pull/95) ([mcgege](https://github.com/mcgege))
+- Fix for Linux Baseline os-02 [\#94](https://github.com/dev-sec/puppet-os-hardening/pull/94) ([mcgege](https://github.com/mcgege))
+- Baseline os-05b: set SYS\_\[GU\]ID\_\[MIN|MAX\] in /etc/login.defs [\#92](https://github.com/dev-sec/puppet-os-hardening/pull/92) ([mcgege](https://github.com/mcgege))
+- Remove config/scripts to prevent core dumps if function is disabled… [\#91](https://github.com/dev-sec/puppet-os-hardening/pull/91) ([mcgege](https://github.com/mcgege))
+- DevSec Linux Baseline os-05 [\#90](https://github.com/dev-sec/puppet-os-hardening/pull/90) ([mcgege](https://github.com/mcgege))
+- Corrected handling of /bin/su \(via allow\_change\_user\) [\#89](https://github.com/dev-sec/puppet-os-hardening/pull/89) ([mcgege](https://github.com/mcgege))
+- Documentation update [\#88](https://github.com/dev-sec/puppet-os-hardening/pull/88) ([mcgege](https://github.com/mcgege))
+- added switch manage\_ipv6, so people could disable managing of ipv6 co… [\#87](https://github.com/dev-sec/puppet-os-hardening/pull/87) ([STetzel](https://github.com/STetzel))
+- CentOS7 issue - revert "Remove link following in minimize\_access file resource" [\#86](https://github.com/dev-sec/puppet-os-hardening/pull/86) ([mcgege](https://github.com/mcgege))
+- Making rubocop happy [\#85](https://github.com/dev-sec/puppet-os-hardening/pull/85) ([artem-sidorenko](https://github.com/artem-sidorenko))
+- Make the sysctl setting 'rp\_filter' configurable [\#84](https://github.com/dev-sec/puppet-os-hardening/pull/84) ([mcgege](https://github.com/mcgege))
+- Quick fix for issue \#71: remove '/usr/local/bin' from managed folders [\#83](https://github.com/dev-sec/puppet-os-hardening/pull/83) ([mcgege](https://github.com/mcgege))
+- Puppet-lint done for sysctl.pp [\#81](https://github.com/dev-sec/puppet-os-hardening/pull/81) ([bitvijays](https://github.com/bitvijays))
+- Fix the CI [\#80](https://github.com/dev-sec/puppet-os-hardening/pull/80) ([artem-sidorenko](https://github.com/artem-sidorenko))
+- Adopt Puppet style guide - remove dynamic variable lookup [\#70](https://github.com/dev-sec/puppet-os-hardening/pull/70) ([tuxmea](https://github.com/tuxmea))
+- Remove link following in minimize\_access file resource [\#64](https://github.com/dev-sec/puppet-os-hardening/pull/64) ([rooprob](https://github.com/rooprob))
+- update common kitchen.yml platforms [\#63](https://github.com/dev-sec/puppet-os-hardening/pull/63) ([chris-rock](https://github.com/chris-rock))
+- add support for limiting password re-use. [\#61](https://github.com/dev-sec/puppet-os-hardening/pull/61) ([igoraj](https://github.com/igoraj))
+- add local testing section to readme [\#59](https://github.com/dev-sec/puppet-os-hardening/pull/59) ([chris-rock](https://github.com/chris-rock))
+- add net.ipv6.conf.default.accept\_ra. closes \#56 [\#58](https://github.com/dev-sec/puppet-os-hardening/pull/58) ([igoraj](https://github.com/igoraj))
+- Disable System Accounts [\#54](https://github.com/dev-sec/puppet-os-hardening/pull/54) ([igoraj](https://github.com/igoraj))
+- common files: add centos 7 [\#53](https://github.com/dev-sec/puppet-os-hardening/pull/53) ([arlimus](https://github.com/arlimus))
+
+# OLD Changelog
 
 ## 1.1.2
 
@@ -69,3 +117,6 @@
 ## 0.1.0
 
 * port from chef-os-hardening and monolithic puppet implementation
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
diff --git a/Gemfile b/Gemfile
@@ -8,6 +8,7 @@ else
 end
 
 group :test do
+  gem 'github_changelog_generator', :require => false
   gem 'puppet-lint'
   # avoid NoMethodError: private method `clone' called for #<RuboCop::Cop::CopStore:0x00000104e286c8>
   gem 'puppetlabs_spec_helper', :git => 'https://github.com/ehaselwanter/puppetlabs_spec_helper'

diff --git a/HISTORY.md b/HISTORY.md
@@ -0,0 +1,71 @@
+# OLD Changelog
+
+## 1.1.2
+
+* bugfix: ruby1.8+puppet+rspec interplay
+* bugfix: use scoped resource for puppet 4
+
+## 1.1.1
+
+* feature: add stack protection configuration via sysctl (enabled)
+* bugfix: replace non-ascii char in login.defs
+* bugfix: follow links for RHEL7 /bin and /sbin
+* bugfix: fixed tty newlines
+* bugfix: minor log typos
+
+## 1.1.0
+
+**API-change**: renamed module to `hardening-os_hardening`
+
+* improvement: linting
+
+## 1.0.2
+
+* improvement: only run 'update-pam' when needed
+
+## 1.0.1
+
+* bugfix: add missing colon for user-defined paths in PATH env
+* adjust login.defs template to not log user logins (as per Debian defaults)
+
+## 1.0.0
+
+* add verified support for puppet 3.6, remove support for puppet 3.0 and 3.4
+* improvement: streamlined rubocop and puppet-lint
+* improvement: remove stdlib fixed version dependency
+* improvement: loosened thias/sysctl dependency
+* bugfix: get puppet version in gemfile from ENV: `PUPPET_VERSION`
+
+## 0.1.3
+
+**API-change**: `dry_run_on_unkown` is now `dry_run_on_unknown`
+
+* feature: allow configuration of custom modules (if module loading is disabled)
+* improvement: only remove SUID/SGID if necessary
+* improvement: clarify SUID/SGID options
+* improvement: use thias/sysctl to configure sysctls (also fixes previous bugs with the template)
+* improvement: add spec tests for sysctl options
+* improvement: puppet-lint everything
+* improvement: add travis testing for lint+specs
+* improvement: use file resource instead of exec for access minimization
+* bugfix: fix typo dry_run_on_unkown -> dry_run_on_unknown
+* bugfix: don't run update initramfs on each run, only when requiered
+* bugfix: deactivation of kernel module loading wasn't implemented
+* bugfix: ip_forwarding wasn't activated correctly
+
+## 0.1.2
+
+* feature: add additional ipv6 hardening to sysctl
+* feature: add test kitchen
+* improvement: remove unnecessary attributes from os_hardening::pam
+* bugfix: remove cracklib if passwdqc is used
+
+## 0.1.1
+
+* feature: add configurable system environment
+* feature: remove suid/sgid bits from blacklist
+* feature: remove suid/sgid bits from unknown files
+
+## 0.1.0
+
+* port from chef-os-hardening and monolithic puppet implementation
diff --git a/Rakefile b/Rakefile
@@ -2,6 +2,7 @@
 
 require 'puppet-lint/tasks/puppet-lint'
 require 'puppetlabs_spec_helper/rake_tasks'
+require 'github_changelog_generator/task'
 
 PuppetLint.configuration.send('disable_autoloader_layout')
 PuppetLint.configuration.send('disable_80chars')
@@ -23,6 +24,14 @@ if RUBY_VERSION > '1.9.2'
 
   task :default => [:run_all_linters, :spec]
 
+  # Changelog Generator
+  GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+    config.future_release = '2.0.0'
+    config.since_tag = '1.1.1'
+    config.user = 'dev-sec'
+    config.project = 'puppet-os-hardening'
+  end
+
 else
   desc 'Run all linters: rubocop and puppet-lint'
   task :run_all_linters => [:lint]

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "hardening-os_hardening",
-  "version": "1.1.2",
+  "version": "2.0.0",
   "author": "Dominik Richter",
   "summary": "Configures the base OS with hardening",
   "license": "Apache-2.0",