sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

PermitRootLogin found in /etc/ssh/sshd_config.d/01-permitrootlogin.conf

Browse source 
Signed-off-by: Bas Meijer <bas.meijer@me.com>
This commit is contained in:
Bas Meijer 2024-02-09 22:32:09 +01:00
parent 3fe681c0d2
commit baf8987a5f
No known key found for this signature in database
GPG key ID: D6F7A6A6D66BAEAB
1 changed files with 12 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

17
tasks/section_5/cis_5.2.x.yml
View file

@ -150,11 +150,18 @@
- rule_5.2.6
- name: "5.2.7 | PATCH | Ensure SSH root login is disabled"
ansible.builtin.lineinfile:
path: "{{ rhel9_cis_sshd_config_file }}"
regexp: "^#PermitRootLogin|^PermitRootLogin"
line: 'PermitRootLogin no'
validate: sshd -t -f %s
block:
- name: "5.2.7 | PATCH | Ensure SSH root login is disabled | config file"
ansible.builtin.lineinfile:
path: "{{ rhel9_cis_sshd_config_file }}"
regexp: "^#PermitRootLogin|^PermitRootLogin"
line: 'PermitRootLogin no'
validate: sshd -t -f %s
- name: "5.2.7 | PATCH | Ensure SSH root login is disabled | override file"
ansible.builtin.file:
path: /etc/ssh/sshd_config.d/01-permitrootlogin.conf
state: absent
when:
- rhel9cis_rule_5_2_7
tags: