update readme, kitchen.yml, requirements.yml

Sebastian Gumprich · Sebastian Gumprich · commit f56e209eff93 · 2016-05-22T20:00:08.000+02:00
readme:
- make vars a table
- replace hardening with dev-sec
- add anton to authors

kitchen.yml
- consolidate variables

use geerlingguy mysql role
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -5,9 +5,14 @@ provisioner:
   name: ansible_playbook
   test_repo_uri: https://github.com/hardening-io/tests-mysql-hardening.git
   hosts: all
+  playbook: default.yml
   require_ansible_repo: false
   require_ansible_omnibus: true
-  requirements_path: requirements.txt
+  requirements_path: requirements.yml
+  ansible_verbose: true
+  ansible_diff: true
+  roles_path: ../ansible-mysql-hardening/
+
 platforms:
 - name: ubuntu-12.04
   driver_config:
@@ -47,17 +52,6 @@ platforms:
     box_url: https://opscode-vm-bento.s3.amazonaws.com/vagrant/virtualbox/opscode_debian-8.1_chef-provisionerless.box
 suites:
 - name: ansible_1.9
-  hosts: all
-  ansible_verbose: true
-  ansible_diff: true
-  roles_path: ../ansible-mysql-hardening/
   provisioner:
-    playbook: test/integration/playbooks/default.yml
     ansible_version: 1.9.4
 - name: ansible_latest
-  hosts: all
-  ansible_verbose: true
-  ansible_diff: true
-  roles_path: ../ansible-mysql-hardening/
-  provisioner:
-    playbook: test/integration/playbooks/default.yml
diff --git a/README.md b/README.md
@@ -11,6 +11,7 @@ This role focuses on security configuration of MySQL. Therefore you can add this
 ## Requirements
 
 * Ansible
+* Python MySQL-DB Package
 
 ## Usage
 
@@ -20,7 +21,7 @@ Before you use this role make sure to have a valid login-configuration in `~/.my
 
     - hosts: localhost
       roles:
-        - hardening.mysql-hardening
+        - dev-sec.mysql-hardening
 
 This hardening role installs the hardening but expects an existing installation of MySQL, MariaDB or Percona. Please ensure that the following variables are set accordingly:
 
@@ -32,48 +33,21 @@ This hardening role installs the hardening but expects an existing installation
 
 Further information is already available at [Deutsche Telekom (German)](http://www.telekom.com/static/-/155996/7/technische-sicherheitsanforderungen-si) and [Symantec](http://www.symantec.com/connect/articles/securing-mysql-step-step)
 
-* `mysql_hardening_chroot` - [chroot](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_chroot)
-* `mysql_hardening_options.safe-user-create` - [safe-user-create](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_safe-user-create)
-* `mysql_hardening_options.safe-user-create` - [secure-auth](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-auth)
-* `mysql_hardening_options.skip-symbolic-links` - [skip-symbolic-links](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_symbolic-links)
-* `mysql_hardening_skip_show_database` - [skip-show-database](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_skip-show-database)
-* `mysql_hardening_options.local-infile` - [local-infile](http://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_local_infile)
-* `mysql_hardening_options.allow-suspicious-udfs` - [allow-suspicious-udfs](https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_allow-suspicious-udfs)
-* `mysql_hardening_chroot.automatic-sp-privileges` - [automatic_sp_privileges](https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_automatic_sp_privileges)
-* `mysql_hardening_options.secure-file-priv` - [secure-file-priv](https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-file-priv)
-
-## Security Configuration
-
-This setup sets the following parameters by default
-
-    # via `mysql_hardening_options.local-infile`
-    local-infile = 0
-
-    # via `mysql_hardening_options.safe-user-create`
-    safe-user-create = 1
-
-    # via `mysql_hardening_options.safe-user-create`
-    secure-auth = 1
-
-    # via `mysql_hardening_skip_show_database`
-    skip-show-database
-
-    # via `mysql_hardening_options.skip-symbolic-links`
-    skip-symbolic-links
-
-    # via `mysql_hardening_chroot.automatic-sp-privileges`
-    automatic_sp_privileges = 0
-
-    # via `mysql_hardening_options.secure-file-priv`
-    secure-file-priv = /tmp
-
-
-Additionally it ensures that the following parameters are not set
-
- * deactivate old-passwords via `mysql_hardening_options.secure-auth`
- * deactivate allow-suspicious-udfs via `mysql_hardening_options.allow-suspicious-udfs`
- * skip-grant-tables via `mysql_hardening_skip_grant_tables`
- * the permissions of `/var/lib/mysql` is limited to `mysql` user.
+| Name           | Default Value | Description                        |
+| -------------- | ------------- | -----------------------------------|
+| `mysql_hardening_chroot` | "" | [chroot](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_chroot)|
+| `mysql_hardening_options.safe-user-create` | 1 | [safe-user-create](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_safe-user-create)|
+| `mysql_hardening_options.secure-auth` | 1 | [secure-auth](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-auth)|
+| `mysql_hardening_options.skip-symbolic-links` | 1 | [skip-symbolic-links](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_symbolic-links)|
+| `mysql_hardening_skip_grant_tables:` | false | [skip-grant-tables](https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_skip-grant-tables)|
+| `mysql_hardening_skip_show_database` | 1 | [skip-show-database](http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_skip-show-database)|
+| `mysql_hardening_options.local-infile` | 0 | [local-infile](http://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_local_infile)|
+| `mysql_hardening_options.allow-suspicious-udfs` | 0 | [allow-suspicious-udfs](https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_allow-suspicious-udfs)|
+| `mysql_hardening_chroot.automatic-sp-privileges` | 0 | [automatic_sp_privileges](https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_automatic_sp_privileges)|
+| `mysql_hardening_options.secure-file-priv` | /tmp | [secure-file-priv](https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-file-priv)|
+| `mysql_allow_remote_root` | false | delete remote root users |
+| `mysql_remove_anonymous_users` | true | remove users without authentication |
+| `mysql_remove_test_database` | true | remove test database |
 
 ## Local Testing
 
@@ -108,13 +82,11 @@ bundle exec kitchen converge default-ubuntu-1204
 
 For more information see [test-kitchen](http://kitchen.ci/docs/getting-started)
 
-## Contributors + Kudos
-
-...
 
 ## License and Author
 
 * Author:: Sebastian Gumprich <sebastian.gumprich@38.de>
+* Author:: Anton Lugovoi <anton.lugovoi@outlook.com>
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -128,4 +100,4 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 
-[3]: https://gitter.im/hardening-io/general
+[3]: https://gitter.im/dev-sec/general
diff --git a/requirements.txt b/requirements.txt
diff --git a/requirements.yml b/requirements.yml
@@ -0,0 +1 @@
+- src: geerlingguy.mysql
