This repository has been archived by the owner on Dec 26, 2020. It is now read-only.

Renaming Ansible variables discovered from systems #268

Merged
merged 2 commits into from
Mar 27, 2020
8 changes: 4 additions & 4 deletions tasks/2fa.yml
Expand Up @@ -4,13 +4,13 @@
apt:
name: 'libpam-google-authenticator'
state: present
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
when: ansible_facts.distribution == 'Debian' or ansible_facts.distribution == 'Ubuntu'

- name: Install google authenticator PAM module
yum:
name: 'google-authenticator'
state: present
when: ansible_os_family == 'RedHat' or ansible_os_family == 'Oracle Linux'
when: ansible_facts.os_family == 'RedHat' or ansible_facts.os_family == 'Oracle Linux'

- name: Add google auth module to PAM
pamd:
Expand All @@ -26,11 +26,11 @@
control: 'substack'
module_path: 'password-auth'
state: absent
when: ansible_distribution == 'RedHat' or ansible_distribution == 'Oracle Linux' or ansible_distribution == 'Amazon'
when: ansible_facts.distribution == 'RedHat' or ansible_facts.distribution == 'Oracle Linux' or ansible_facts.distribution == 'Amazon'

- name: Remove password auth from PAM
replace:
dest: '/etc/pam.d/sshd'
regexp: '^@include common-auth'
replace: '#@include common-auth'
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
when: ansible_facts.distribution == 'Debian' or ansible_facts.distribution == 'Ubuntu'
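Review bot: The `when` on the password-auth removal task (the one ending `state: absent`, whose start lies above the second hunk) tests `ansible_facts.distribution` against 'RedHat', 'Oracle Linux' and 'Amazon', while the install task in the first hunk selects hosts by `ansible_facts.os_family`. As far as I know the distribution fact for Oracle Linux is `OracleLinux`, and derivatives such as CentOS report their own name, so on those hosts the module would be installed while the `password-auth` substack stays in the PAM stack, presumably not the authentication chain the role intends. Selecting on the family, `when: ansible_facts.os_family == 'RedHat'`, would line up with the install condition. The `'Oracle Linux'` alternative in the `os_family` test also looks like it can never match and deserves either a comment explaining it or removal.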
8 changes: 4 additions & 4 deletions tasks/hardening.yml
Expand Up @@ -2,10 +2,10 @@
- name: Set OS dependent variables
include_vars: '{{ item }}'
with_first_found:
- '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml'
- '{{ ansible_distribution }}.yml'
- '{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml'
- '{{ ansible_os_family }}.yml'
- '{{ ansible_facts.distribution }}_{{ ansible_facts.distribution_major_version }}.yml'
- '{{ ansible_facts.distribution }}.yml'
- '{{ ansible_facts.os_family }}_{{ ansible_facts.distribution_major_version }}.yml'
- '{{ ansible_facts.os_family }}.yml'

- name: get openssh-version
command: ssh -V
6 changes: 3 additions & 3 deletions templates/opensshd.conf.j2
Expand Up @@ -87,7 +87,7 @@ LogLevel {{ sshd_log_level }}
UseLogin no
{% endif %}
{% if sshd_version is version('7.5', '<') %}
UsePrivilegeSeparation {% if (ansible_distribution == 'Debian' and ansible_distribution_major_version <= '6') or (ansible_os_family in ['Oracle Linux', 'RedHat'] and ansible_distribution_major_version <= '6') -%}{{ssh_ps53}}{% else %}{{ssh_ps59}}{% endif %}
UsePrivilegeSeparation {% if (ansible_facts.distribution == 'Debian' and ansible_facts.distribution_major_version <= '6') or (ansible_facts.os_family in ['Oracle Linux', 'RedHat'] and ansible_facts.distribution_major_version <= '6') -%}{{ssh_ps53}}{% else %}{{ssh_ps59}}{% endif %}
{% endif %}

LoginGraceTime 30s
Expand Down Expand Up @@ -217,13 +217,13 @@ UseDNS {{ 'yes' if (ssh_use_dns|bool) else 'no' }}

PrintMotd {{ 'yes' if (ssh_print_motd|bool) else 'no' }}

{% if ansible_os_family != 'FreeBSD' %}
{% if ansible_facts.os_family != 'FreeBSD' %}
PrintLastLog {{ 'yes' if (ssh_print_last_log|bool) else 'no' }}
{% endif %}

Banner {{ '/etc/ssh/banner.txt' if (ssh_banner|bool) else 'none' }}

{% if ansible_os_family == 'Debian' -%}
{% if ansible_facts.os_family == 'Debian' -%}
DebianBanner {{ 'yes' if (ssh_print_debian_banner|bool) else 'no' }}
{% endif %}

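Review bot: The release checks on the `UsePrivilegeSeparation` line compare `ansible_facts.distribution_major_version` with `'6'` as strings, so the comparison is lexicographic and a major version of `'10'` or higher sorts below `'6'`. The outer `sshd_version is version('7.5', '<')` guard limits the exposure, but the choice between `ssh_ps53` and `ssh_ps59` should not depend on string ordering. The test already used for `sshd_version` works here too: `ansible_facts.distribution_major_version is version('6', '<=')`. The `< '7'` comparisons in tests/default.yml and tests/default_custom.yml have the same problem, and the trailing `or ansible_facts.distribution == "Fedora"` there may exist only to compensate for it.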
2 changes: 1 addition & 1 deletion tests/default.yml
Expand Up @@ -17,7 +17,7 @@
- file: path="/var/run/sshd" state=directory
- name: create ssh host keys
command: "ssh-keygen -A"
when: not ((ansible_os_family in ['Oracle Linux', 'RedHat']) and ansible_distribution_major_version < '7') or ansible_distribution == "Fedora"
when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') or ansible_facts.distribution == "Fedora"

roles:
- ansible-ssh-hardening
2 changes: 1 addition & 1 deletion tests/default_custom.yml
Expand Up @@ -17,7 +17,7 @@
- file: path="/var/run/sshd" state=directory
- name: create ssh host keys
command: "ssh-keygen -A"
when: not ((ansible_os_family in ['Oracle Linux', 'RedHat']) and ansible_distribution_major_version < '7') or ansible_distribution == "Fedora"
when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') or ansible_facts.distribution == "Fedora"

roles:
- ansible-ssh-hardening