mirror of
https://github.com/ansible-lockdown/RHEL9-CIS.git
synced 2025-12-24 22:23:06 +00:00
renamed variable and updated tag
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
parent
14d038e8eb
commit
7c4c3f9e4d
3 changed files with 24 additions and 24 deletions
|
|
@ -178,7 +178,7 @@
|
|||
- name: "5.1.7 | PATCH | Ensure sshd access is configured | Add line to sshd_config for allowusers"
|
||||
when: "rhel9cis_sshd_allowusers | length > 0"
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: "^AllowUsers"
|
||||
line: "AllowUsers {{ rhel9cis_sshd_allowusers }}"
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -187,7 +187,7 @@
|
|||
- name: "5.1.7 | PATCH | Ensure sshd access is configured | Add line to sshd_config for allowgroups"
|
||||
when: "rhel9cis_sshd_allowgroups | length > 0"
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: "^AllowGroups"
|
||||
line: "AllowGroups {{ rhel9cis_sshd_allowgroups }}"
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -196,7 +196,7 @@
|
|||
- name: "5.1.7 | PATCH | Ensure sshd access is configured | Add line to sshd_config for denyusers"
|
||||
when: "rhel9cis_sshd_denyusers | length > 0"
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: "^DenyUsers"
|
||||
line: "DenyUsers {{ rhel9cis_sshd_denyusers }}"
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -205,7 +205,7 @@
|
|||
- name: "5.1.7 | PATCH | Ensure sshd access is configured | Add line to sshd_config for denygroups"
|
||||
when: "rhel9cis_sshd_denygroups | length > 0"
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: "^DenyGroups"
|
||||
line: "DenyGroups {{ rhel9cis_sshd_denygroups }}"
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -226,7 +226,7 @@
|
|||
- NIST800-53R5_CM-7
|
||||
- NIST800-53R5_IA-5
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: '^Banner'
|
||||
line: 'Banner /etc/issue.net'
|
||||
|
||||
|
|
@ -247,7 +247,7 @@
|
|||
block:
|
||||
- name: "5.1.9 | PATCH | Ensure sshd ClientAliveInterval and ClientAliveCountMax are configured | Add line in sshd_config for ClientAliveInterval"
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: '^ClientAliveInterval'
|
||||
line: "ClientAliveInterval {{ rhel9cis_sshd_clientaliveinterval }}"
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -255,7 +255,7 @@
|
|||
|
||||
- name: "5.1.9 | PATCH | Ensure sshd ClientAliveInterval and ClientAliveCountMax are configured | Ensure SSH ClientAliveCountMax set to <= 3"
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: '^ClientAliveCountMax'
|
||||
line: "ClientAliveCountMax {{ rhel9cis_sshd_clientalivecountmax }}"
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -274,7 +274,7 @@
|
|||
block:
|
||||
- name: "5.1.10 | PATCH | Ensure sshd DisableForwarding is enabled | config file"
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: ^(#|)\s*DisableForwarding
|
||||
line: 'DisableForwarding yes'
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -313,7 +313,7 @@
|
|||
|
||||
- name: "5.1.11 | PATCH | Ensure sshd GSSAPIAuthentication is disabled | ssh config"
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: ^(?i)(#|)\s*GSSAPIAuthentication
|
||||
line: GSSAPIAuthentication no
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -334,7 +334,7 @@
|
|||
- NIST800-53R5_CM-7
|
||||
- NIST800-53R5_IA-5
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: ^(?i)(#|)\s*HostbasedAuthentication
|
||||
line: 'HostbasedAuthentication no'
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -355,7 +355,7 @@
|
|||
- NIST800-53R5_CM-7
|
||||
- NIST800-53R5_IA-5
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: ^(?i)(#|)\s*IgnoreRhosts
|
||||
line: 'IgnoreRhosts yes'
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -372,7 +372,7 @@
|
|||
- rule_5.1.14
|
||||
- NIST800-53R5_CM-6
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: ^(?i)(#|)\s*LoginGraceTime
|
||||
line: "LoginGraceTime {{ rhel9cis_sshd_logingracetime }}"
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -391,7 +391,7 @@
|
|||
- NIST800-53R5_AU-12
|
||||
- NIST800-53R5_SI-5
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: ^(?i)(#|)\s*LogLevel
|
||||
line: 'LogLevel {{ rhel9cis_ssh_loglevel }}'
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -408,7 +408,7 @@
|
|||
- rule_5.1.16
|
||||
- NIST800-53R5_AU-3
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: '^(#)?MaxAuthTries \d'
|
||||
line: 'MaxAuthTries {{ rhel9cis_ssh_maxauthtries }}'
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -429,7 +429,7 @@
|
|||
- NIST800-53R5_CM-7
|
||||
- NIST800-53R5_IA-5
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: ^(?i)(#|)\s*MaxStartups
|
||||
line: 'MaxStartups {{ rhel9cis_ssh_maxstartups }}'
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -450,7 +450,7 @@
|
|||
- NIST800-53R5_CM-7
|
||||
- NIST800-53R5_IA-5
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: ^(?i)(#|)\s*MaxSessions
|
||||
line: 'MaxSessions {{ rhel9cis_ssh_maxsessions }}'
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -471,7 +471,7 @@
|
|||
- NIST800-53R5_CM-7
|
||||
- NIST800-53R5_IA-5
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: ^(?i)(#|)\s*PermitEmptyPasswords
|
||||
line: 'PermitEmptyPasswords no'
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -490,7 +490,7 @@
|
|||
block:
|
||||
- name: "5.1.20 | PATCH | Ensure sshd PermitRootLogin is disabled | config file"
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: ^(?i)(#|)\s*PermitRootLogin
|
||||
line: 'PermitRootLogin no'
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -517,7 +517,7 @@
|
|||
- NIST800-53R5_CM-7
|
||||
- NIST800-53R5_IA-5
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: ^(?i)(#|)\s*PermitUserEnvironment
|
||||
line: 'PermitUserEnvironment no'
|
||||
validate: sshd -t -f %s
|
||||
|
|
@ -538,7 +538,7 @@
|
|||
- NIST800-53R5_CM-7
|
||||
- NIST800-53R5_IA-5
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ rhel9_cis_sshd_config_file }}"
|
||||
path: "{{ rhel9cis_sshd_config_file }}"
|
||||
regexp: ^(?i)(#|)\s*UsePAM
|
||||
line: 'UsePAM yes'
|
||||
validate: sshd -t -f %s
|
||||
|
|
|
|||
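Review bot: The `regexp` values written as `^(?i)(#|)\s*GSSAPIAuthentication` (5.1.11, and the same shape in the HostbasedAuthentication, IgnoreRhosts, LoginGraceTime, LogLevel, MaxStartups, MaxSessions, PermitEmptyPasswords, PermitRootLogin, PermitUserEnvironment and UsePAM tasks) put the global flag after `^`. Python 3.11 and later reject that with a regex error, so on a target whose Ansible interpreter is that new the hardening task would fail instead of writing the line; move the flag to the front, e.g. `regexp: (?i)^(#|)\s*GSSAPIAuthentication`. The 5.1.16 pattern `'^(#)?MaxAuthTries \d'` is case-sensitive and needs exactly one space, so an existing line spelled differently would not be replaced and a second MaxAuthTries line would be appended; because sshd keeps the first value it reads for a keyword, the earlier line would stay in effect. `validate: sshd -t -f %s` only checks that the file parses, so neither case is caught there. Each task starts and ends outside its hunk, so names, tags and conditions are only partly visible here.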