

Merge pull request #174 from bbaassssiiee/bugfix/sshd
oscap scan found 2 issues in sshd configuration override files
uk-bolly authored Feb 19, 2024
2 parents 21f24b4 + cc7f9cc commit 03e2a28
Showing 1 changed file with 27 additions and 10 deletions.
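--- a/tasks/section_5/cis_5.2.x.yml
+++ b/tasks/section_5/cis_5.2.x.yml
@@ -150,11 +150,18 @@
 - rule_5.2.6
 
 - name: "5.2.7 | PATCH | Ensure SSH root login is disabled"
-ansible.builtin.lineinfile:
-path: "{{ rhel9_cis_sshd_config_file }}"
-regexp: "^#PermitRootLogin|^PermitRootLogin"
-line: 'PermitRootLogin no'
-validate: sshd -t -f %s
+block:
+- name: "5.2.7 | PATCH | Ensure SSH root login is disabled | config file"
+ansible.builtin.lineinfile:
+path: "{{ rhel9_cis_sshd_config_file }}"
+regexp: "^#PermitRootLogin|^PermitRootLogin"
+line: 'PermitRootLogin no'
+validate: sshd -t -f %s
+
+- name: "5.2.7 | PATCH | Ensure SSH root login is disabled | override file"
+ansible.builtin.file:
+path: /etc/ssh/sshd_config.d/01-permitrootlogin.conf
+state: absent
 when:
 - rhel9cis_rule_5_2_7
 tags:
@@ -225,11 +232,21 @@
 - rule_5.2.11
 
 - name: "5.2.12 | PATCH | Ensure SSH X11 forwarding is disabled"
-ansible.builtin.lineinfile:
-path: "{{ rhel9_cis_sshd_config_file }}"
-regexp: "^#X11Forwarding|^X11Forwarding"
-line: 'X11Forwarding no'
-validate: sshd -t -f %s
+block:
+
+- name: "5.2.12 | PATCH | Ensure SSH X11 forwarding is disabled | config file"
+ansible.builtin.lineinfile:
+path: "{{ rhel9_cis_sshd_config_file }}"
+regexp: "^#X11Forwarding|^X11Forwarding"
+line: 'X11Forwarding no'
+validate: sshd -t -f %s
+
+- name: "5.2.12 | PATCH | Ensure SSH X11 forwarding is disabled | override"
+ansible.builtin.lineinfile:
+path: /etc/ssh/sshd_config.d/50-redhat.conf
+regexp: "^#X11Forwarding|^X11Forwarding"
+line: 'X11Forwarding no'
+validate: sshd -t -f %s
 when:
 - rhel9cis_rule_5_2_12
 tags: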
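Review bot: The two new override tasks only cover one hard-coded drop-in filename each (`01-permitrootlogin.conf` in 5.2.7, `50-redhat.conf` in 5.2.12); because sshd keeps the first value it obtains for a keyword and the stock RHEL 9 `sshd_config` is, I believe, shipped with the `Include /etc/ssh/sshd_config.d/*.conf` line ahead of its own settings, any other file in that directory that sets `PermitRootLogin yes` or `X11Forwarding yes` still wins over the main-file edit, so the scan finding can reappear on hosts with different drop-ins. A more general fix is to assert the hardened value in every drop-in rather than in a named path, as sketched below for 5.2.12 (5.2.7 would use the same shape with the `PermitRootLogin` pattern, in place of deleting a single file). The two hunks also diverge in approach — 5.2.7 removes its override file while 5.2.12 edits a file that, if it is package-owned, a later sshd update may rewrite — and in naming (`| override file` vs `| override`), with a stray blank line after `block:` in 5.2.12; aligning both would make the rule pair easier to audit. Neither hunk shows a `notify`, so I am assuming the sshd restart handler is attached elsewhere in the task file; the `when:` and `tags:` keys of both tasks continue past the hunks.
```yaml
    - name: "5.2.12 | PATCH | Ensure SSH X11 forwarding is disabled | override files | find"
      ansible.builtin.find:
        paths: /etc/ssh/sshd_config.d
        patterns: '*.conf'
      register: rhel9cis_5_2_12_sshd_dropins  # constructed name; pick one matching the role's convention

    - name: "5.2.12 | PATCH | Ensure SSH X11 forwarding is disabled | override files | set"
      ansible.builtin.lineinfile:
        path: "{{ item.path }}"
        regexp: "^#X11Forwarding|^X11Forwarding"
        line: 'X11Forwarding no'
        backrefs: true  # only rewrite drop-ins that already set the keyword; do not append to every file
        validate: sshd -t -f %s
      loop: "{{ rhel9cis_5_2_12_sshd_dropins.files }}"
      loop_control:
        label: "{{ item.path }}"
```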
