Merge pull request #187 from Neophy7e/fixes/use-ansible-version-compare

Use ansible version compare module

Author: rndmh3ro

README.md

@@ -12,7 +12,7 @@ Warning: This role disables root-login on the target server! Please make sure yo
 
 ## Requirements
 
-* Ansible > 2.4
+* Ansible > 2.5
 
 ## Role Variables
 | Name           | Default Value | Description                        |

meta/main.yml

@@ -4,7 +4,7 @@ galaxy_info:
   description: 'This Ansible role provides numerous security-related ssh configurations, providing all-round base protection.'
   company: Hardening Framework Team
   license: Apache License 2.0
-  min_ansible_version: '2.4'
+  min_ansible_version: '2.5'
   platforms:
     - name: EL
       versions:

templates/openssh.conf.j2

@@ -82,7 +82,7 @@ ForwardX11 no
 
 # Never use host-based authentication. It can be exploited.
 HostbasedAuthentication no
-{% if sshd_version.stdout | float < 7.4 -%}
+{% if sshd_version.stdout is version('7.4', '<') %}
 RhostsRSAAuthentication no
 # Enable RSA authentication via identity files.
 RSAAuthentication yes
@@ -111,7 +111,7 @@ Compression yes
 #EscapeChar ~
 #VisualHostKey yes
 
-{% if sshd_version.stdout | float <= 7.1 -%}
+{% if sshd_version.stdout is version('7.1', '<=') %}
 # Disable experimental client roaming. This is known to cause potential issues with secrets being disclosed to malicious servers and defaults to being disabled.
 UseRoaming {{ 'yes' if ssh_client_roaming else 'no' }}
 {% endif %}

templates/opensshd.conf.j2

@@ -75,7 +75,7 @@ LogLevel VERBOSE
 # --------------
 
 # Secure Login directives.
-{% if sshd_version.stdout | float  < 7.5 -%}
+{% if sshd_version.stdout is version('7.5', '<') %}
 UsePrivilegeSeparation {% if (ansible_distribution == 'Debian' and ansible_distribution_major_version <= '6') or (ansible_os_family in ['Oracle Linux', 'RedHat'] and ansible_distribution_major_version <= '6') -%}{{ssh_ps53}}{% else %}{{ssh_ps59}}{% endif %}
 {% endif %}