sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

X11Forwarding found in /etc/ssh/sshd_config.d/50-redhat.conf

Browse source 
Signed-off-by: Bas Meijer <bas.meijer@me.com>
This commit is contained in:
Bas Meijer 2024-02-10 00:27:33 +01:00
parent baf8987a5f
commit cc7f9ccfd0
No known key found for this signature in database
GPG key ID: D6F7A6A6D66BAEAB
1 changed files with 15 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

20
tasks/section_5/cis_5.2.x.yml
View file

@ -232,11 +232,21 @@
- rule_5.2.11
- name: "5.2.12 | PATCH | Ensure SSH X11 forwarding is disabled"
ansible.builtin.lineinfile:
path: "{{ rhel9_cis_sshd_config_file }}"
regexp: "^#X11Forwarding|^X11Forwarding"
line: 'X11Forwarding no'
validate: sshd -t -f %s
block:
- name: "5.2.12 | PATCH | Ensure SSH X11 forwarding is disabled | config file"
ansible.builtin.lineinfile:
path: "{{ rhel9_cis_sshd_config_file }}"
regexp: "^#X11Forwarding|^X11Forwarding"
line: 'X11Forwarding no'
validate: sshd -t -f %s
- name: "5.2.12 | PATCH | Ensure SSH X11 forwarding is disabled | override"
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config.d/50-redhat.conf
regexp: "^#X11Forwarding|^X11Forwarding"
line: 'X11Forwarding no'
validate: sshd -t -f %s
when:
- rhel9cis_rule_5_2_12
tags: