3 files changed +9 -9
lines changed Original file line number Diff line number Diff line change 2626 owner : ' {{ ssh_owner }}'
2727 group : ' {{ ssh_group }}'
2828 notify : restart sshd
29- when : ssh_server_hardening
29+ when : ssh_server_hardening | bool
3030
3131- name : create sshd_config and set permissions to root/600
3232 template :
3737 group : ' {{ ssh_group }}'
3838 validate : ' /usr/sbin/sshd -T -C user=root -C host=localhost -C addr=localhost -f %s'
3939 notify : restart sshd
40- when : ssh_server_hardening
40+ when : ssh_server_hardening | bool
4141
4242- name : create ssh_config and set permissions to root/644
4343 template :
4646 mode : ' 0644'
4747 owner : ' {{ ssh_owner }}'
4848 group : ' {{ ssh_group }}'
49- when : ssh_client_hardening
49+ when : ssh_client_hardening | bool
5050
5151- name : Check if {{ sshd_moduli_file }} contains weak DH parameters
5252 shell : awk '$5 < {{ sshd_moduli_minimum }}' {{ sshd_moduli_file }}
6767- name : include tasks to setup 2FA
6868 include_tasks : 2fa.yml
6969 when :
70- - ssh_use_pam
71- - ssh_challengeresponseauthentication
72- - ssh_google_auth
70+ - ssh_use_pam | bool
71+ - ssh_challengeresponseauthentication | bool
72+ - ssh_google_auth | bool
7373
7474- name : include selinux specific tasks
7575 include_tasks : selinux.yml
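Review bot: The `| bool` casts on the `ssh_server_hardening`, `ssh_client_hardening` and 2FA conditions fail open on bad input, and nothing in these tasks documents that. As far as I know, Ansible's `bool` filter returns false for any string it does not recognise, so a mistyped toggle such as `ture` would skip the sshd_config template or the 2FA include without an error. I would add a comment above the first cast, `# '| bool' turns unrecognised strings into false; a mistyped toggle skips hardening silently`, or validate the toggles once in an `assert` task before these tasks run. The same applies to the `ssh_hardening_enabled | bool` gate in the second file section, where a bad value skips the whole `hardening.yml` include.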
Original file line number Diff line number Diff line change 11---
22
33- include_tasks : hardening.yml
4- when : ssh_hardening_enabled
4+ when : ssh_hardening_enabled | bool
Original file line number Diff line number Diff line change 5757 - name : install selinux policy
5858 command : semodule -i {{ ssh_custom_selinux_dir }}/ssh_password.pp
5959
60- when : not ssh_use_pam and ssh_password_module.stdout.find('ssh_password') != 0
60+ when : not ssh_use_pam | bool and ssh_password_module.stdout.find('ssh_password') != 0
6161
6262# The following tasks only get executed when selinux is installed, UsePam is 'yes' and the ssh_password module is installed.
6363# See http://danwalsh.livejournal.com/12333.html for more info
6464- name : remove selinux-policy when Pam is used, because Allowing sshd to read the shadow file directly is considered a potential security risk
6565 command : semodule -r ssh_password
66- when : ssh_use_pam and ssh_password_module.stdout.find('ssh_password') == 0
66+ when : ssh_use_pam | bool and ssh_password_module.stdout.find('ssh_password') == 0
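Review bot: `not ssh_use_pam | bool and …` on new line 60 is correct only because Jinja2 applies the filter before `not` and `and`; the intended reading `not (ssh_use_pam | bool)` should be made explicit. These two conditions decide whether the `ssh_password` SELinux module, which the task name itself calls a potential security risk, is installed or removed, so a later edit that misreads the precedence would invert that decision. I would write `when: not (ssh_use_pam | bool) and ssh_password_module.stdout.find('ssh_password') != 0` and parenthesise the cast on line 66 the same way. Separately, `find(...) != 0` is also true when the string occurs at a non-zero offset; the command that registers `ssh_password_module` is outside the visible lines, so confirm its output always starts with the module name.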