Merge pull request #220 from dev-sec/fix_sel

Fix selinux inclusion

Author: rndmh3ro

.kitchen.vagrant.yml

@@ -20,9 +20,6 @@ provisioner:
   http_proxy: <%= ENV['http_proxy'] || nil %>
   https_proxy: <%= ENV['https_proxy'] || nil %>
 
-transport:
-  max_ssh_sessions: 5
-
 platforms:
 - name: ubuntu-16.04
   driver_config:

.kitchen.yml

@@ -6,9 +6,6 @@ driver:
   http_proxy: <%= ENV['http_proxy'] || nil %>
   https_proxy: <%= ENV['https_proxy'] || nil %>
 
-transport:
-  max_ssh_sessions: 5
-
 provisioner:
   name: ansible_playbook
   hosts: all

Gemfile

@@ -11,6 +11,7 @@ group :integration do
   gem 'kitchen-sync'
   gem 'kitchen-transport-rsync'
   gem 'kitchen-docker'
+  gem 'inspec', '~> 3'
 end
 
 group :tools do

tasks/hardening.yml

@@ -73,4 +73,4 @@
 
 - name: include selinux specific tasks
   include_tasks: selinux.yml
-  when: ansible_selinux and ansible_selinux.status != "disabled"
+  when: ansible_selinux and ansible_selinux.status == "enabled"

tasks/selinux.yml

@@ -57,7 +57,7 @@
   - name: install selinux policy
     command: semodule -i {{ ssh_custom_selinux_dir }}/ssh_password.pp
 
-  when: not ssh_use_pam and ansible_selinux != 'Disabled' and ssh_password_module.stdout.find('ssh_password') != 0
+  when: not ssh_use_pam and ssh_password_module.stdout.find('ssh_password') != 0
 
 # The following tasks only get executed when selinux is installed, UsePam is 'yes' and the ssh_password module is installed.
 # See http://danwalsh.livejournal.com/12333.html for more info

tests/default.yml

@@ -6,6 +6,7 @@
       with_items:
         - "openssh-clients"
         - "openssh-server"
+        - "libselinux-python"
       ignore_errors: true
     - apt: name="{{item}}" state=present update_cache=true
       with_items:

tests/default_custom.yml

@@ -6,6 +6,7 @@
       with_items:
         - "openssh-clients"
         - "openssh-server"
+        - "libselinux-python"
       ignore_errors: true
     - apt: name="{{item}}" state=present update_cache=true
       with_items: