Merge pull request #797 from dev-sec/remdep

Remove unused files and variables

Author: schurzi

molecule/os_hardening/converge.yml

@@ -16,11 +16,10 @@
   vars:
     os_security_users_allow: change_user
     os_security_kernel_enable_core_dump: false
-    os_auditd_num_logs: 10
+    os_auditd_enabled: false
     os_security_suid_sgid_remove_from_unknown: true
     os_auth_pam_passwdqc_enable: false
     os_auth_lockout_time: 15
-    os_desktop_enable: true
     os_env_extra_user_paths: [/home]
     os_auth_allow_homeless: true
     os_security_suid_sgid_blacklist: [/bin/umount]

molecule/os_hardening/verify.yml

@@ -67,12 +67,14 @@
     http_proxy: "{{ lookup('env', 'http_proxy') | default(omit)  }}"
     https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
     no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
+  vars:
+    os_auditd_enabled: false
+    os_env_umask: "027 #override"
   tasks:
     # test if variable can be overridden
     - name: Workaround for https://github.com/ansible/ansible/issues/66304
       ansible.builtin.set_fact:
         ansible_virtualization_type: docker
-        os_env_umask: "027 #override"
 
     - name: Include os_hardening role
       ansible.builtin.include_role:

roles/os_hardening/defaults/main.yml

@@ -1,5 +1,4 @@
 ---
-os_desktop_enable: false
 os_env_user_paths: [/usr/local/sbin, /usr/local/bin, /usr/sbin, /usr/bin, /sbin, /bin]
 os_env_extra_user_paths: []
 os_auth_pw_max_age: 60

roles/os_hardening/meta/argument_specs.yml

@@ -4,10 +4,6 @@ argument_specs:
     short_description: The main entry point for the os hardening role.
     version_added: 8.8.0
     options:
-      os_desktop_enable:
-        default: false
-        type: bool
-        description: true if this is a desktop system, ie Xorg, KDE/GNOME/Unity/etc.
       os_env_user_paths:
         default: [/usr/local/sbin, /usr/local/bin, /usr/sbin, /usr/bin, /sbin, /bin]
         type: list