This repository has been archived by the owner on Dec 26, 2020. It is now read-only.
first one here: https://github.com/dev-sec/ansible-ssh-hardening/blob/master/tasks/main.yml#L86
It says that "only runs when selinux is in state enforcing", but the conditional is sestatus.stdout != 'Disabled', so the task could also be executed when selinux is in Permissive mode.
Can the task also be executed in Permissive mode or is this an error?
This task also gets executed in Permissive Mode, so the comment is wrong and should be fixed.
Here, the policy should be removed when PAM is used (when: ssh_use_pam). The task should only run when selinux is installed (that's why it is in the block). So I guess the comment should read: # The following tasks only get executed when selinux is installed, UsePam is "yes" and the ssh_password module is installed.
Do you agree with me on this? Do you want to create a PR to fix this?
It would be great to make some small changes in the selinux section of this role to avoid confusion, as discussed in this PR: #102
The two changes I think should be made are:
test to see if selinux is installed and running
with
# only runs when selinux is installed
Besides that, I found two inconsistencies between what the comment says and the actual code:
first one here: https://github.com/dev-sec/ansible-ssh-hardening/blob/master/tasks/main.yml#L86
It says that "only runs when selinux is in state enforcing", but the conditional is sestatus.stdout != 'Disabled', so the task could also be executed when selinux is in Permissive mode. Can the task also be executed in Permissive mode or is this an error?
and the second one: https://github.com/dev-sec/ansible-ssh-hardening/blob/master/tasks/main.yml#L106
It says the same as above: "only runs when selinux is in state enforcing" but there isn't any conditional related to selinux in the when: at the end, is this an error?