ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 15:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Using in defaults file same var-name as the actual ones which are in use for SSH-tasks

Browse source 
Signed-off-by: Pruteanu <ionut.pruteanu@siemens.com>
This commit is contained in:
Pruteanu 2024-02-22 15:52:21 +02:00
parent 40bc7aa082
commit 849d7fdd84
No known key found for this signature in database
GPG key ID: 8665D673971C2D62
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
defaults/main.yml
View file

@ -1012,26 +1012,26 @@ rhel9cis_sshd:
# If an USER@HOST format will be used, the specified user will be allowed only on that particular host.
# The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
# For more info, see https://linux.die.net/man/5/sshd_config
allow_users: ""
allowusers: ""
# (String) This variable, if spcieifed, configures a list of GROUP name patterns, separated by spaces, to allow SSH access
# for users whose primary group or supplementary group list matches one of the patterns. This is done
# by setting the value of `AllowGroups` option in `/etc/ssh/sshd_config` file.
# The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
# For more info, https://linux.die.net/man/5/sshd_config
allow_groups: "wheel"
allowgroups: "wheel"
# This variable, if specified, configures a list of USER name patterns, separated by spaces, to prevent SSH access
# for users whose user name matches one of the patterns. This is done
# by setting the value of `DenyUsers` option in `/etc/ssh/sshd_config` file.
# If an USER@HOST format will be used, the specified user will be restricted only on that particular host.
# The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
# For more info, see https://linux.die.net/man/5/sshd_config
deny_users: "nobody"
denyusers: "nobody"
# This variable, if specified, configures a list of GROUP name patterns, separated by spaces, to prevent SSH access
# for users whose primary group or supplementary group list matches one of the patterns. This is done
# by setting the value of `DenyGroups` option in `/etc/ssh/sshd_config` file.
# The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
# For more info, see https://linux.die.net/man/5/sshd_config
deny_groups: ""
denygroups: ""
## Control 5.2.5 - Ensure SSH LogLevel is appropriate
# This variable is used to control the verbosity of the logging produced by the SSH server.