Merge pull request dev-sec#279 from kostasns/fix_amazon_build

fix: Amazon linux build
divialth · May 8, 2020 · eef6e11 · eef6e11
2 parents d7343be + 936d758
commit eef6e11
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/templates/opensshd.conf.j2 b/templates/opensshd.conf.j2
@@ -87,7 +87,7 @@ LogLevel {{ sshd_log_level }}
 UseLogin no
 {% endif %}
 {% if sshd_version is version('7.5', '<') %}
-UsePrivilegeSeparation {% if (ansible_facts.distribution == 'Debian' and ansible_facts.distribution_major_version <= '6') or (ansible_facts.os_family in ['Oracle Linux', 'RedHat'] and ansible_facts.distribution_major_version <= '6') -%}{{ssh_ps53}}{% else %}{{ssh_ps59}}{% endif %}
+UsePrivilegeSeparation {% if (ansible_facts.distribution == 'Debian' and ansible_facts.distribution_major_version <= '6') or (ansible_facts.os_family in ['Oracle Linux', 'RedHat'] and ansible_facts.distribution_major_version <= '6' and not ansible_facts.distribution == 'Amazon') -%}{{ssh_ps53}}{% else %}{{ssh_ps59}}{% endif %}
 {% endif %}
 
 LoginGraceTime 30s

diff --git a/tests/default.yml b/tests/default.yml
@@ -17,7 +17,9 @@
     - file: path="/var/run/sshd" state=directory
     - name: create ssh host keys
       command: "ssh-keygen -A"
-      when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') or ansible_facts.distribution == "Fedora"
+      when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') or 
+            ansible_facts.distribution == "Fedora" or
+            ansible_facts.distribution == "Amazon"
 
   roles:
     - ansible-ssh-hardening
diff --git a/tests/default_custom.yml b/tests/default_custom.yml
@@ -17,7 +17,9 @@
     - file: path="/var/run/sshd" state=directory
     - name: create ssh host keys
       command: "ssh-keygen -A"
-      when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') or ansible_facts.distribution == "Fedora"
+      when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') or 
+            ansible_facts.distribution == "Fedora" or
+            ansible_facts.distribution == "Amazon"
 
   roles:
     - ansible-ssh-hardening