Merge pull request #30 from ansible-lockdown/June24_issues

June24 issues
ansible-lockdown · Jun 4, 2024 · cbef82b · cbef82b
2 parents 15511b3 + 90f5b0f
commit cbef82b
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -411,7 +411,7 @@ amazon2cis_ssh_loglevel: INFO
 # To conform to CIS standards this value nees to be 10 or less
 amazon2cis_ssh_maxsessions: 10
 amazon2cis_sshd:
-    # clientalivecountmax: 0
+    clientalivecountmax: 0
     # clientaliveinterval shoudl be between 1 and 900
     clientaliveinterval: 300
     ciphers: "[email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr"

diff --git a/tasks/section_1/cis_1.4.x.yml b/tasks/section_1/cis_1.4.x.yml
@@ -28,7 +28,7 @@
         lineinfile:
             dest: /usr/lib/systemd/system/rescue.service
             regexp: '/sbin/sulogin'
-            line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default'
+            line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
   when:
       - amazon2cis_rule_1_4_2
       - ansible_facts['distribution_major_version'] is version('2', '>=')

diff --git a/tasks/section_5/cis_5.3.x.yml b/tasks/section_5/cis_5.3.x.yml
@@ -297,7 +297,7 @@
         lineinfile:
             path: /etc/ssh/sshd_config
             regexp: '^ClientAliveCountMax'
-            line: "ClientAliveCountMax 0"
+            line: "ClientAliveCountMax {{ amazon2cis_sshd['clientalivecountmax'] }}"
         notify: restart sshd
   when:
       - amazon2cis_rule_5_3_16