This repository was archived by the owner on Dec 26, 2020. It is now read-only.

Selinux issue #75

Closed
romaincabassot opened this issue Oct 10, 2016 · 1 comment

@romaincabassot

Hello,
When I have ssh_use_pam=true the role fails on:

TASK [dev-sec.ssh-hardening : remove selinux-policy when Pam is used, because Allowing sshd to read the shadow file directly is considered a potential security risk (http://danwalsh.livejournal.com/12333.html)] ***
fatal: [gitana-ext.magellium.com]: FAILED! => {"changed": true, "cmd": "semodule -r ssh_password", "delta": "0:00:02.809950", "end": "2016-10-10 16:42:34.105591", "failed": true, "rc": 1, "start": "2016-10-10 16:42:31.295641", "stderr": "libsemanage.get_module_file_by_name: Module ssh_password was not found.\nsemodule:  Failed on ssh_password!", "stdout": "", "stdout_lines": [], "warnings": []}

(except if I have run the playbook before with ssh_use_pam=false).
Maybe you could check if the module is installed before trying to remove it?
Thanks.
PS: the 3.1 release is not on ansible galaxy

@rndmh3ro added the bug label Oct 10, 2016
@rndmh3ro
Member

Thanks for this, @romaincabassot.

I'll fix this together with the other issue you created!
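
The check requested in the report, as an added example that is not the role's code or the fix that was later applied: list the installed modules first and call `semodule -r` only on an exact name match, so a missing `ssh_password` module is a no-op instead of `rc: 1`. The function names and the `SEMODULE` override are hypothetical, and the sample listing is constructed.

```shell
#!/bin/sh
# Idempotent removal of an SELinux policy module.
# `semodule -l` prints one module per line; depending on the policycoreutils
# version a line is either the bare name or the name followed by a version.

# module_installed NAME: reads `semodule -l` style output on stdin and
# succeeds only when the first field equals NAME exactly, so a module
# called ssh_password_old does not count as ssh_password.
module_installed() {
    awk -v want="$1" '$1 == want { found = 1 } END { exit !found }'
}

# remove_module_if_present NAME: prints "absent" and returns 0 when there is
# nothing to remove, prints "removed" after a successful `semodule -r`, and
# returns 1 only when listing or removal genuinely fails.
# SEMODULE (assumption, for testing) overrides the command that is run.
remove_module_if_present() {
    name=$1
    listing=$("${SEMODULE:-semodule}" -l) || return 1
    if printf '%s\n' "$listing" | module_installed "$name"; then
        "${SEMODULE:-semodule}" -r "$name" >/dev/null || return 1
        echo removed
    else
        echo absent
    fi
}

# Constructed sample of `semodule -l` output (name and version per line).
SAMPLE_LISTING=$(printf 'abrt\t1.4.1\nssh_password_old\t1.0\nsshd\t2.0\n')

# Offline demonstration on the sample: the module from the report is not
# listed, so removal would be skipped rather than attempted.
printf '%s\n' "$SAMPLE_LISTING" | module_installed ssh_password \
    || echo "ssh_password not installed, skipping removal"
```

On a real host, `remove_module_if_present ssh_password` needs root and the SELinux tooling installed.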
