Skip to content

Commit

Permalink
Disable also dynamic MOTD via PAM if enabled - refs dev-sec#271
Browse files Browse the repository at this point in the history 
Signed-off-by: Ancoron Luciferis <ancoron.luciferis@gmail.com>
  • Loading branch information
@ancoron
ancoron committed Apr 15, 2020
1 parent ac9fd3a commit 07f5d23
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions tasks/hardening.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,18 @@
notify: restart sshd
when: ssh_server_hardening | bool

- name: disable dynamic MOTD
pamd:
name: sshd
type: session
control: optional
module_path: pam_motd.so
state: absent
when:
- ssh_server_hardening | bool
- ssh_pam_support | bool
- not (ssh_print_motd | bool)

- name: create ssh_config and set permissions to root/644
template:
src: 'openssh.conf.j2'
Expand Down

0 comments on commit 07f5d23

Please sign in to comment.