Merge branch 'PovilasGT-master'

Sebastian Gumprich · Sebastian Gumprich · commit 3d351ef748fc · 2020-03-27T21:21:16.000+01:00
diff --git a/tasks/hardening.yml b/tasks/hardening.yml
@@ -2,10 +2,10 @@
 - name: Set OS dependent variables
   include_vars: '{{ item }}'
   with_first_found:
-   - '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml'
-   - '{{ ansible_distribution }}.yml'
-   - '{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml'
-   - '{{ ansible_os_family }}.yml'
+   - '{{ ansible_facts.distribution }}_{{ ansible_facts.distribution_major_version }}.yml'
+   - '{{ ansible_facts.distribution }}.yml'
+   - '{{ ansible_facts.os_family }}_{{ ansible_facts.distribution_major_version }}.yml'
+   - '{{ ansible_facts.os_family }}.yml'
 
 - name: get openssh-version
   command: ssh -V
diff --git a/templates/opensshd.conf.j2 b/templates/opensshd.conf.j2
@@ -87,7 +87,7 @@ LogLevel {{ sshd_log_level }}
 UseLogin no
 {% endif %}
 {% if sshd_version is version('7.5', '<') %}
-UsePrivilegeSeparation {% if (ansible_distribution == 'Debian' and ansible_distribution_major_version <= '6') or (ansible_os_family in ['Oracle Linux', 'RedHat'] and ansible_distribution_major_version <= '6') -%}{{ssh_ps53}}{% else %}{{ssh_ps59}}{% endif %}
+UsePrivilegeSeparation {% if (ansible_facts.distribution == 'Debian' and ansible_facts.distribution_major_version <= '6') or (ansible_facts.os_family in ['Oracle Linux', 'RedHat'] and ansible_facts.distribution_major_version <= '6') -%}{{ssh_ps53}}{% else %}{{ssh_ps59}}{% endif %}
 {% endif %}
 
 LoginGraceTime 30s
@@ -217,13 +217,13 @@ UseDNS {{ 'yes' if (ssh_use_dns|bool) else 'no' }}
 
 PrintMotd {{ 'yes' if (ssh_print_motd|bool) else 'no' }}
 
-{% if ansible_os_family != 'FreeBSD' %}
+{% if ansible_facts.os_family != 'FreeBSD' %}
 PrintLastLog {{ 'yes' if (ssh_print_last_log|bool) else 'no' }}
 {% endif %}
 
 Banner {{ '/etc/ssh/banner.txt' if (ssh_banner|bool) else 'none' }}
 
-{% if ansible_os_family == 'Debian' -%}
+{% if ansible_facts.os_family == 'Debian' -%}
 DebianBanner {{ 'yes' if (ssh_print_debian_banner|bool) else 'no' }}
 {% endif %}
 
diff --git a/tests/default.yml b/tests/default.yml
@@ -17,7 +17,7 @@
     - file: path="/var/run/sshd" state=directory
     - name: create ssh host keys
       command: "ssh-keygen -A"
-      when: not ((ansible_os_family in ['Oracle Linux', 'RedHat']) and ansible_distribution_major_version < '7') or ansible_distribution == "Fedora"
+      when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') or ansible_facts.distribution == "Fedora"
 
   roles:
     - ansible-ssh-hardening
diff --git a/tests/default_custom.yml b/tests/default_custom.yml
@@ -17,7 +17,7 @@
     - file: path="/var/run/sshd" state=directory
     - name: create ssh host keys
       command: "ssh-keygen -A"
-      when: not ((ansible_os_family in ['Oracle Linux', 'RedHat']) and ansible_distribution_major_version < '7') or ansible_distribution == "Fedora"
+      when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') or ansible_facts.distribution == "Fedora"
 
   roles:
     - ansible-ssh-hardening
