This repository was archived by the owner on Dec 26, 2020. It is now read-only.
File tree Expand file tree Collapse file tree 2 files changed +11
-6
lines changed Expand file tree Collapse file tree 2 files changed +11
-6
lines changed Original file line number Diff line number Diff line change @@ -62,7 +62,9 @@ script:
6262
6363 # Verify role
6464 # remove the UseLogin-check, see here for reasons: https://github.com/dev-sec/ansible-ssh-hardening/pull/141
65- - ' inspec exec https://github.com/dev-sec/ssh-baseline/ -t docker://$(cat ${container_id}) --controls=sshd-01 sshd-02 sshd-03 sshd-04 sshd-05 sshd-06 sshd-07 sshd-08 sshd-09 sshd-10 sshd-11 sshd-12 sshd-13 sshd-14 sshd-16 sshd-17 sshd-18 sshd-19 sshd-20 sshd-21 sshd-22 sshd-23 sshd-24 sshd-25 sshd-26 sshd-27 sshd-28 sshd-29 sshd-30 sshd-31 sshd-32 sshd-33 sshd-34 sshd-35 sshd-36 sshd-37 sshd-38 sshd-39 sshd-40'
65+ - ' inspec exec https://github.com/dev-sec/ssh-baseline/ -t docker://$(cat ${container_id}) --controls=sshd-01 sshd-02 sshd-03 sshd-04 sshd-05 sshd-06 sshd-07 sshd-08 sshd-09 sshd-10 sshd-11 sshd-12 sshd-13 sshd-14 sshd-16 sshd-17 sshd-18 sshd-19 sshd-20 sshd-21 sshd-22 sshd-23 sshd-24 sshd-25 sshd-26 sshd-27 sshd-28 sshd-29 sshd-30 sshd-31 sshd-32 sshd-33 sshd-34 sshd-35 sshd-36 sshd-37 sshd-38 sshd-39 sshd-40 sshd-41 sshd-42 sshd-43 sshd-44 sshd-45 sshd-46 sshd-47 sshd-48'
66+ # remove UseRoaming and RhostsRSAAuthentication because these options are deprecated
67+ - ' inspec exec https://github.com/dev-sec/ssh-baseline/ -t docker://$(cat ${container_id}) --controls=ssh-01 ssh-02 ssh-03 ssh-04 ssh-05 ssh-06 ssh-07 ssh-08 ssh-09 ssh-10 ssh-11 ssh-12 ssh-13 ssh-16 ssh-17 ssh-18 ssh-19 ssh-20'
6668
6769notifications :
6870 webhooks : https://galaxy.ansible.com/api/v1/notifications/
Original file line number Diff line number Diff line change 1515 register : sshd_version
1616 check_mode : no
1717
18- - include_tasks : crypto.yml
18+ - name : include tasks to create crypo-vars
19+ include_tasks : crypto.yml
1920
2021- name : create revoked_keys and set permissions to root/600
2122 template :
5960 notify : restart sshd
6061 when : sshd_register_moduli.stdout
6162
62- - include_tasks : ca_keys_and_principals.yml
63+ - name : include tasks to setup ca keys and principals
64+ include_tasks : ca_keys_and_principals.yml
6365 when : ssh_trusted_user_ca_keys_file != ''
6466
65- # Install the 2FA packages and setup the config in PAM and SSH
66- - include_tasks : 2fa.yml
67+ - name : include tasks to setup 2FA
68+ include_tasks : 2fa.yml
6769 when :
6870 - ssh_use_pam
6971 - ssh_challengeresponseauthentication
7678 changed_when : false
7779 check_mode : no
7880
79- - include_tasks : selinux.yml
81+ - name : include selinux specific tasks
82+ include_tasks : selinux.yml
8083 when : sestatus.rc == 0
You can’t perform that action at this time.
0 commit comments