sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

lint updates

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2023-01-13 12:10:18 +00:00
parent 3ead0d63ac
commit acf0104f7a
No known key found for this signature in database
GPG key ID: 1DE02A772D0908F9
34 changed files with 199 additions and 213 deletions
Download patch file Download diff file Expand all files Collapse all files

10
tasks/section_5/cis_5.2.x.yml
View file

@ -84,7 +84,7 @@
regexp: "^AllowUsers"
line: "AllowUsers {{ rhel9cis_sshd['allowusers'] }}"
validate: sshd -t -f %s
notify: restart sshd
notify: Restart sshd
when: "rhel9cis_sshd['allowusers']|default('') | length > 0"
- name: "5.2.4 | PATCH | Ensure SSH access is limited | Add line to sshd_config for allowgroups"
@ -93,7 +93,7 @@
regexp: "^AllowGroups"
line: "AllowGroups {{ rhel9cis_sshd['allowgroups'] }}"
validate: sshd -t -f %s
notify: restart sshd
notify: Restart sshd
when: "rhel9cis_sshd['allowgroups']|default('') | length > 0"
- name: "5.2.4 | PATCH | Ensure SSH access is limited | Add line to sshd_config for denyusers"
@ -102,7 +102,7 @@
regexp: "^DenyUsers"
line: "DenyUsers {{ rhel9cis_sshd['denyusers'] }}"
validate: sshd -t -f %s
notify: restart sshd
notify: Restart sshd
when: "rhel9cis_sshd['denyusers']|default('') | length > 0"
- name: "5.2.4 | PATCH | Ensure SSH access is limited | Add line to sshd_config for denygroups"
@ -111,7 +111,7 @@
regexp: "^DenyGroups"
line: "DenyGroups {{ rhel9cis_sshd['denygroups'] }}"
validate: sshd -t -f %s
notify: restart sshd
notify: Restart sshd
when: "rhel9cis_sshd['denygroups']|default('') | length > 0"
when:
- rhel9cis_rule_5_2_4
@ -267,7 +267,7 @@
- name: "5.2.14 | PATCH | Ensure system-wide crypto policy is not over-ridden"
ansible.builtin.shell: sed -ri "s/^\s*(CRYPTO_POLICY\s*=.*)$/# \1/" /etc/sysconfig/sshd
notify: restart sshd
notify: Restart sshd
when: ssh_crypto_discovery.stdout | length > 0
when:
- rhel9cis_rule_5_2_14