Use parameter value in ansible lineinfile macro #10958
Skipping CI for Draft Pull Request.
This datastream diff is auto generated by the check
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy' differs.
--- xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy
+++ xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy
@@ -10,7 +10,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/crypto-policies/back-ends/openssh.config
- create: false
+ create: true
regexp: ^.*Ciphers\s+
state: absent
check_mode: true
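Review bot: `create: true` on this "Check for duplicate values" task has no effect, because the task runs with `state: absent` and `check_mode: true`, and lineinfile only honours `create` together with `state=present`. The same holds for the "Deduplicate values" task in the next hunk. Consider having the macro pass the `create` parameter only to the task that inserts the line, so the generated diff shows the one place where behaviour actually changes and nobody reading the remediation concludes that these two tasks can create /etc/crypto-policies/back-ends/openssh.config.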
@@ -20,7 +20,7 @@
- name: Deduplicate values from /etc/crypto-policies/back-ends/openssh.config
lineinfile:
path: /etc/crypto-policies/back-ends/openssh.config
- create: false
+ create: true
regexp: ^.*Ciphers\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_harden_sshd_macs_openssh_conf_crypto_policy' differs.
--- xccdf_org.ssgproject.content_rule_harden_sshd_macs_openssh_conf_crypto_policy
+++ xccdf_org.ssgproject.content_rule_harden_sshd_macs_openssh_conf_crypto_policy
@@ -10,7 +10,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/crypto-policies/back-ends/openssh.config
- create: false
+ create: true
regexp: ^.*MACs\s+
state: absent
check_mode: true
@@ -20,7 +20,7 @@
- name: Deduplicate values from /etc/crypto-policies/back-ends/openssh.config
lineinfile:
path: /etc/crypto-policies/back-ends/openssh.config
- create: false
+ create: true
regexp: ^.*MACs\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_configure_tmux_lock_after_time' differs.
--- xccdf_org.ssgproject.content_rule_configure_tmux_lock_after_time
+++ xccdf_org.ssgproject.content_rule_configure_tmux_lock_after_time
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/tmux.conf
- create: false
+ create: true
regexp: ^\s*set -g lock-after-time\s+
mode: '0644'
state: absent
@@ -15,7 +15,7 @@
- name: Deduplicate values from /etc/tmux.conf
lineinfile:
path: /etc/tmux.conf
- create: false
+ create: true
regexp: ^\s*set -g lock-after-time\s+
mode: '0644'
state: absent
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_configure_tmux_lock_command' differs.
--- xccdf_org.ssgproject.content_rule_configure_tmux_lock_command
+++ xccdf_org.ssgproject.content_rule_configure_tmux_lock_command
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/tmux.conf
- create: false
+ create: true
regexp: ^\s*set -g lock-command\s+
mode: '0644'
state: absent
@@ -15,7 +15,7 @@
- name: Deduplicate values from /etc/tmux.conf
lineinfile:
path: /etc/tmux.conf
- create: false
+ create: true
regexp: ^\s*set -g lock-command\s+
mode: '0644'
state: absent
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding' differs.
--- xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding
+++ xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding
@@ -1,7 +1,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/tmux.conf
- create: false
+ create: true
regexp: \s*bind\s+\w\s+lock-session.*$
mode: '0644'
state: absent
@@ -22,7 +22,7 @@
- name: Deduplicate values from /etc/tmux.conf
lineinfile:
path: /etc/tmux.conf
- create: false
+ create: true
regexp: \s*bind\s+\w\s+lock-session.*$
mode: '0644'
state: absent
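Review bot: the `regexp` in this Deduplicate task, `\s*bind\s+\w\s+lock-session.*$`, has no `^` anchor, unlike the `^\s*set -g lock-after-time\s+` pattern used for the same file earlier in this diff. lineinfile searches the pattern anywhere in the line, so with `state: absent` it also removes a commented-out line such as `# bind X lock-session`, or an `unbind` line that mentions lock-session. Since the macro call for this rule is being regenerated anyway, consider anchoring the pattern as `^\s*bind\s+\w\s+lock-session.*$`.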
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs' differs.
--- xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs
+++ xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs
@@ -17,7 +17,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/login.defs
- create: false
+ create: true
regexp: ^\s*CREATE_HOME\s+
state: absent
check_mode: true
@@ -27,7 +27,7 @@
- name: Deduplicate values from /etc/login.defs
lineinfile:
path: /etc/login.defs
- create: false
+ create: true
regexp: ^\s*CREATE_HOME\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_auditd_freq' differs.
--- xccdf_org.ssgproject.content_rule_auditd_freq
+++ xccdf_org.ssgproject.content_rule_auditd_freq
@@ -17,7 +17,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/audit/auditd.conf
- create: false
+ create: true
regexp: (?i)^\s*freq\s*=\s*
state: absent
check_mode: true
@@ -27,7 +27,7 @@
- name: Deduplicate values from /etc/audit/auditd.conf
lineinfile:
path: /etc/audit/auditd.conf
- create: false
+ create: true
regexp: (?i)^\s*freq\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_auditd_local_events' differs.
--- xccdf_org.ssgproject.content_rule_auditd_local_events
+++ xccdf_org.ssgproject.content_rule_auditd_local_events
@@ -18,7 +18,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/audit/auditd.conf
- create: false
+ create: true
regexp: (?i)^\s*local_events\s*=\s*
state: absent
check_mode: true
@@ -28,7 +28,7 @@
- name: Deduplicate values from /etc/audit/auditd.conf
lineinfile:
path: /etc/audit/auditd.conf
- create: false
+ create: true
regexp: (?i)^\s*local_events\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_auditd_log_format' differs.
--- xccdf_org.ssgproject.content_rule_auditd_log_format
+++ xccdf_org.ssgproject.content_rule_auditd_log_format
@@ -19,7 +19,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/audit/auditd.conf
- create: false
+ create: true
regexp: (?i)^\s*log_format\s*=\s*
state: absent
check_mode: true
@@ -29,7 +29,7 @@
- name: Deduplicate values from /etc/audit/auditd.conf
lineinfile:
path: /etc/audit/auditd.conf
- create: false
+ create: true
regexp: (?i)^\s*log_format\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_auditd_name_format' differs.
--- xccdf_org.ssgproject.content_rule_auditd_name_format
+++ xccdf_org.ssgproject.content_rule_auditd_name_format
@@ -19,7 +19,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/audit/auditd.conf
- create: false
+ create: true
regexp: (?i)^\s*name_format\s*=\s*
state: absent
check_mode: true
@@ -29,7 +29,7 @@
- name: Deduplicate values from /etc/audit/auditd.conf
lineinfile:
path: /etc/audit/auditd.conf
- create: false
+ create: true
regexp: (?i)^\s*name_format\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_auditd_overflow_action' differs.
--- xccdf_org.ssgproject.content_rule_auditd_overflow_action
+++ xccdf_org.ssgproject.content_rule_auditd_overflow_action
@@ -18,7 +18,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/audit/auditd.conf
- create: false
+ create: true
regexp: (?i)^\s*overflow_action\s*=\s*
state: absent
check_mode: true
@@ -28,7 +28,7 @@
- name: Deduplicate values from /etc/audit/auditd.conf
lineinfile:
path: /etc/audit/auditd.conf
- create: false
+ create: true
regexp: (?i)^\s*overflow_action\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_auditd_write_logs' differs.
--- xccdf_org.ssgproject.content_rule_auditd_write_logs
+++ xccdf_org.ssgproject.content_rule_auditd_write_logs
@@ -17,7 +17,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/audit/auditd.conf
- create: false
+ create: true
regexp: (?i)^\s*write_logs\s*=\s*
state: absent
check_mode: true
@@ -27,7 +27,7 @@
- name: Deduplicate values from /etc/audit/auditd.conf
lineinfile:
path: /etc/audit/auditd.conf
- create: false
+ create: true
regexp: (?i)^\s*write_logs\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_journald_compress' differs.
--- xccdf_org.ssgproject.content_rule_journald_compress
+++ xccdf_org.ssgproject.content_rule_journald_compress
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/systemd/journald.conf
- create: false
+ create: true
regexp: ^\s*Compress=
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/systemd/journald.conf
lineinfile:
path: /etc/systemd/journald.conf
- create: false
+ create: true
regexp: ^\s*Compress=
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_journald_forward_to_syslog' differs.
--- xccdf_org.ssgproject.content_rule_journald_forward_to_syslog
+++ xccdf_org.ssgproject.content_rule_journald_forward_to_syslog
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/systemd/journald.conf
- create: false
+ create: true
regexp: ^\s*ForwardToSyslog=
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/systemd/journald.conf
lineinfile:
path: /etc/systemd/journald.conf
- create: false
+ create: true
regexp: ^\s*ForwardToSyslog=
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_journald_storage' differs.
--- xccdf_org.ssgproject.content_rule_journald_storage
+++ xccdf_org.ssgproject.content_rule_journald_storage
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/systemd/journald.conf
- create: false
+ create: true
regexp: ^\s*Storage=
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/systemd/journald.conf
lineinfile:
path: /etc/systemd/journald.conf
- create: false
+ create: true
regexp: ^\s*Storage=
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_firewalld-backend' differs.
--- xccdf_org.ssgproject.content_rule_firewalld-backend
+++ xccdf_org.ssgproject.content_rule_firewalld-backend
@@ -19,7 +19,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/firewalld/firewalld.conf
- create: false
+ create: true
regexp: ^\s*FirewallBackend=
state: absent
check_mode: true
@@ -29,7 +29,7 @@
- name: Deduplicate values from /etc/firewalld/firewalld.conf
lineinfile:
path: /etc/firewalld/firewalld.conf
- create: false
+ create: true
regexp: ^\s*FirewallBackend=
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_selinux_not_disabled' differs.
--- xccdf_org.ssgproject.content_rule_selinux_not_disabled
+++ xccdf_org.ssgproject.content_rule_selinux_not_disabled
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/selinux/config
- create: false
+ create: true
regexp: ^SELINUX=
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/selinux/config
lineinfile:
path: /etc/selinux/config
- create: false
+ create: true
regexp: ^SELINUX=
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_selinux_policytype' differs.
--- xccdf_org.ssgproject.content_rule_selinux_policytype
+++ xccdf_org.ssgproject.content_rule_selinux_policytype
@@ -10,7 +10,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/selinux/config
- create: false
+ create: true
regexp: ^SELINUXTYPE=
state: absent
check_mode: true
@@ -20,7 +20,7 @@
- name: Deduplicate values from /etc/selinux/config
lineinfile:
path: /etc/selinux/config
- create: false
+ create: true
regexp: ^SELINUXTYPE=
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_selinux_state' differs.
--- xccdf_org.ssgproject.content_rule_selinux_state
+++ xccdf_org.ssgproject.content_rule_selinux_state
@@ -10,7 +10,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/selinux/config
- create: false
+ create: true
regexp: ^SELINUX=
state: absent
check_mode: true
@@ -20,7 +20,7 @@
- name: Deduplicate values from /etc/selinux/config
lineinfile:
path: /etc/selinux/config
- create: false
+ create: true
regexp: ^SELINUX=
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_postfix_client_configure_mail_alias_postmaster' differs.
--- xccdf_org.ssgproject.content_rule_postfix_client_configure_mail_alias_postmaster
+++ xccdf_org.ssgproject.content_rule_postfix_client_configure_mail_alias_postmaster
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/aliases
- create: false
+ create: true
regexp: ^\s*postmaster\s*:\s*
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/aliases
lineinfile:
path: /etc/aliases
- create: false
+ create: true
regexp: ^\s*postmaster\s*:\s*
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay' differs.
--- xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay
+++ xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay
@@ -17,7 +17,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/postfix/main.cf
- create: false
+ create: true
regexp: ^[ \t]*smtpd_client_restrictions\s*=\s*
state: absent
check_mode: true
@@ -27,7 +27,7 @@
- name: Deduplicate values from /etc/postfix/main.cf
lineinfile:
path: /etc/postfix/main.cf
- create: false
+ create: true
regexp: ^[ \t]*smtpd_client_restrictions\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_chronyd_client_only' differs.
--- xccdf_org.ssgproject.content_rule_chronyd_client_only
+++ xccdf_org.ssgproject.content_rule_chronyd_client_only
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/chrony.conf
- create: false
+ create: true
regexp: ^\s*port\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/chrony.conf
lineinfile:
path: /etc/chrony.conf
- create: false
+ create: true
regexp: ^\s*port\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_chronyd_no_chronyc_network' differs.
--- xccdf_org.ssgproject.content_rule_chronyd_no_chronyc_network
+++ xccdf_org.ssgproject.content_rule_chronyd_no_chronyc_network
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/chrony.conf
- create: false
+ create: true
regexp: ^\s*cmdport\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/chrony.conf
lineinfile:
path: /etc/chrony.conf
- create: false
+ create: true
regexp: ^\s*cmdport\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0
+++ xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*ClientAliveCountMax\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*ClientAliveCountMax\s+
state: absent
when: dupes.found is defined and dupes.found > 1
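Review bot: neither of the two tasks shown for /etc/ssh/sshd_config sets `mode`, whereas the /etc/tmux.conf tasks in this diff carry `mode: '0644'`. These two tasks cannot create the file themselves (`state: absent`), but if the task that inserts the line, which is not shown in these hunks, receives `create: true` from the same parameter, please confirm it sets an explicit owner and mode, so that a newly created sshd_config does not inherit whatever the umask gives it.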
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_keepalive' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_keepalive
+++ xccdf_org.ssgproject.content_rule_sshd_set_keepalive
@@ -10,7 +10,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*ClientAliveCountMax\s+
state: absent
check_mode: true
@@ -20,7 +20,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*ClientAliveCountMax\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout
+++ xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout
@@ -10,7 +10,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*ClientAliveInterval\s+
state: absent
check_mode: true
@@ -20,7 +20,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*ClientAliveInterval\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_disable_host_auth' differs.
--- xccdf_org.ssgproject.content_rule_disable_host_auth
+++ xccdf_org.ssgproject.content_rule_disable_host_auth
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*HostbasedAuthentication\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*HostbasedAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_allow_only_protocol2' differs.
--- xccdf_org.ssgproject.content_rule_sshd_allow_only_protocol2
+++ xccdf_org.ssgproject.content_rule_sshd_allow_only_protocol2
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*Protocol\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*Protocol\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_compression' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_compression
+++ xccdf_org.ssgproject.content_rule_sshd_disable_compression
@@ -10,7 +10,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*Compression\s+
state: absent
check_mode: true
@@ -20,7 +20,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*Compression\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
+++ xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PermitEmptyPasswords\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PermitEmptyPasswords\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth
+++ xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*GSSAPIAuthentication\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*GSSAPIAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth
+++ xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*KerberosAuthentication\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*KerberosAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_pubkey_auth' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_pubkey_auth
+++ xccdf_org.ssgproject.content_rule_sshd_disable_pubkey_auth
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PubkeyAuthentication\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PubkeyAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_rhosts' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_rhosts
+++ xccdf_org.ssgproject.content_rule_sshd_disable_rhosts
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*IgnoreRhosts\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*IgnoreRhosts\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa
+++ xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*RhostsRSAAuthentication\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*RhostsRSAAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_root_login' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_root_login
+++ xccdf_org.ssgproject.content_rule_sshd_disable_root_login
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PermitRootLogin\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PermitRootLogin\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_root_password_login' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_root_password_login
+++ xccdf_org.ssgproject.content_rule_sshd_disable_root_password_login
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PermitRootLogin\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PermitRootLogin\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding
+++ xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*AllowTcpForwarding\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*AllowTcpForwarding\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts
+++ xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*IgnoreUserKnownHosts\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*IgnoreUserKnownHosts\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding
+++ xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*X11Forwarding\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*X11Forwarding\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_do_not_permit_user_env' differs.
--- xccdf_org.ssgproject.content_rule_sshd_do_not_permit_user_env
+++ xccdf_org.ssgproject.content_rule_sshd_do_not_permit_user_env
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PermitUserEnvironment\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PermitUserEnvironment\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_gssapi_auth' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_gssapi_auth
+++ xccdf_org.ssgproject.content_rule_sshd_enable_gssapi_auth
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*GSSAPIAuthentication\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*GSSAPIAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_pam' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_pam
+++ xccdf_org.ssgproject.content_rule_sshd_enable_pam
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*UsePAM\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*UsePAM\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_pubkey_auth' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_pubkey_auth
+++ xccdf_org.ssgproject.content_rule_sshd_enable_pubkey_auth
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PubkeyAuthentication\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PubkeyAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_strictmodes' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_strictmodes
+++ xccdf_org.ssgproject.content_rule_sshd_enable_strictmodes
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*StrictModes\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*StrictModes\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner
+++ xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*Banner\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*Banner\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner_net' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner_net
+++ xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner_net
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*Banner\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*Banner\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_x11_forwarding' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_x11_forwarding
+++ xccdf_org.ssgproject.content_rule_sshd_enable_x11_forwarding
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*X11Forwarding\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*X11Forwarding\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_print_last_log' differs.
--- xccdf_org.ssgproject.content_rule_sshd_print_last_log
+++ xccdf_org.ssgproject.content_rule_sshd_print_last_log
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PrintLastLog\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*PrintLastLog\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_rekey_limit' differs.
--- xccdf_org.ssgproject.content_rule_sshd_rekey_limit
+++ xccdf_org.ssgproject.content_rule_sshd_rekey_limit
@@ -15,7 +15,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*RekeyLimit\s+
state: absent
check_mode: true
@@ -25,7 +25,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*RekeyLimit\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time
+++ xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time
@@ -10,7 +10,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*LoginGraceTime\s+
state: absent
check_mode: true
@@ -20,7 +20,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*LoginGraceTime\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_loglevel_info' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_loglevel_info
+++ xccdf_org.ssgproject.content_rule_sshd_set_loglevel_info
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*LogLevel\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*LogLevel\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose
+++ xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*LogLevel\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*LogLevel\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries
+++ xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries
@@ -10,7 +10,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*MaxAuthTries\s+
state: absent
check_mode: true
@@ -20,7 +20,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*MaxAuthTries\s+
state: absent
when: dupes.found is defined and dupes.found > 1
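Review bot: the deduplicate task rewrites /etc/ssh/sshd_config in place with no `validate` argument, so a file left unparsable after the removal is only noticed when sshd next reloads. lineinfile accepts `validate`, for example `validate: /usr/sbin/sshd -t -f %s`; consider adding it in the macro for the sshd_config callers (the sshd binary path is an assumption about the target system).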
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_max_sessions' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_max_sessions
+++ xccdf_org.ssgproject.content_rule_sshd_set_max_sessions
@@ -10,7 +10,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*MaxSessions\s+
state: absent
check_mode: true
@@ -20,7 +20,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*MaxSessions\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_maxstartups' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_maxstartups
+++ xccdf_org.ssgproject.content_rule_sshd_set_maxstartups
@@ -10,7 +10,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*MaxStartups\s+
state: absent
check_mode: true
@@ -20,7 +20,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*MaxStartups\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_use_priv_separation' differs.
--- xccdf_org.ssgproject.content_rule_sshd_use_priv_separation
+++ xccdf_org.ssgproject.content_rule_sshd_use_priv_separation
@@ -10,7 +10,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*UsePrivilegeSeparation\s+
state: absent
check_mode: true
@@ -20,7 +20,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*UsePrivilegeSeparation\s+
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_use_strong_rng' differs.
--- xccdf_org.ssgproject.content_rule_sshd_use_strong_rng
+++ xccdf_org.ssgproject.content_rule_sshd_use_strong_rng
@@ -5,7 +5,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/sysconfig/sshd
- create: false
+ create: true
regexp: ^\s*SSH_USE_STRONG_RNG=
state: absent
check_mode: true
@@ -15,7 +15,7 @@
- name: Deduplicate values from /etc/sysconfig/sshd
lineinfile:
path: /etc/sysconfig/sshd
- create: false
+ create: true
regexp: ^\s*SSH_USE_STRONG_RNG=
state: absent
when: dupes.found is defined and dupes.found > 1
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_x11_use_localhost' differs.
--- xccdf_org.ssgproject.content_rule_sshd_x11_use_localhost
+++ xccdf_org.ssgproject.content_rule_sshd_x11_use_localhost
@@ -4,7 +4,7 @@
- name: Check for duplicate values
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*X11UseLocalhost\s+
state: absent
check_mode: true
@@ -14,7 +14,7 @@
- name: Deduplicate values from /etc/ssh/sshd_config
lineinfile:
path: /etc/ssh/sshd_config
- create: false
+ create: true
regexp: (?i)^\s*X11UseLocalhost\s+
state: absent
when: dupes.found is defined and dupes.found > 1 |
Code Climate has analyzed commit b5f0402 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 53.2% (0.0% change). View more on Code Climate.
Thanks for the PR! I'm waiving the Automatus tests as they are also failing on master.
Description:
Rationale:
`create` was not being used for some of the function calls in this macro.