ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-27 15:33:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

issue #182, PR #183 thansk to @ipruteanu-sie

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-03-06 09:21:46 +00:00
parent b31ece0ce8
commit bf7df3fea2
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
defaults/main.yml
View file

@ -1017,26 +1017,26 @@ rhel9cis_sshd:
# If an USER@HOST format will be used, the specified user will be allowed only on that particular host. # If an USER@HOST format will be used, the specified user will be allowed only on that particular host.
# The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups. # The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
# For more info, see https://linux.die.net/man/5/sshd_config # For more info, see https://linux.die.net/man/5/sshd_config
allow_users: "" allowusers: ""
# (String) This variable, if spcieifed, configures a list of GROUP name patterns, separated by spaces, to allow SSH access # (String) This variable, if spcieifed, configures a list of GROUP name patterns, separated by spaces, to allow SSH access
# for users whose primary group or supplementary group list matches one of the patterns. This is done # for users whose primary group or supplementary group list matches one of the patterns. This is done
# by setting the value of `AllowGroups` option in `/etc/ssh/sshd_config` file. # by setting the value of `AllowGroups` option in `/etc/ssh/sshd_config` file.
# The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups. # The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
# For more info, https://linux.die.net/man/5/sshd_config # For more info, https://linux.die.net/man/5/sshd_config
allow_groups: "wheel" allowgroups: "wheel"
# This variable, if specified, configures a list of USER name patterns, separated by spaces, to prevent SSH access # This variable, if specified, configures a list of USER name patterns, separated by spaces, to prevent SSH access
# for users whose user name matches one of the patterns. This is done # for users whose user name matches one of the patterns. This is done
# by setting the value of `DenyUsers` option in `/etc/ssh/sshd_config` file. # by setting the value of `DenyUsers` option in `/etc/ssh/sshd_config` file.
# If an USER@HOST format will be used, the specified user will be restricted only on that particular host. # If an USER@HOST format will be used, the specified user will be restricted only on that particular host.
# The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups. # The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
# For more info, see https://linux.die.net/man/5/sshd_config # For more info, see https://linux.die.net/man/5/sshd_config
deny_users: "nobody" denyusers: "nobody"
# This variable, if specified, configures a list of GROUP name patterns, separated by spaces, to prevent SSH access # This variable, if specified, configures a list of GROUP name patterns, separated by spaces, to prevent SSH access
# for users whose primary group or supplementary group list matches one of the patterns. This is done # for users whose primary group or supplementary group list matches one of the patterns. This is done
# by setting the value of `DenyGroups` option in `/etc/ssh/sshd_config` file. # by setting the value of `DenyGroups` option in `/etc/ssh/sshd_config` file.
# The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups. # The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
# For more info, see https://linux.die.net/man/5/sshd_config # For more info, see https://linux.die.net/man/5/sshd_config
deny_groups: "" denygroups: ""
## Control 5.2.5 - Ensure SSH LogLevel is appropriate ## Control 5.2.5 - Ensure SSH LogLevel is appropriate
# This variable is used to control the verbosity of the logging produced by the SSH server. # This variable is used to control the verbosity of the logging produced by the SSH server.