f56d80b5d8
* Replace ssh_keys group in Fedora with root In Fedora 38, the `ssh_keys` group was removed. root is used now, in accordance to upstream. See: https://www.spinics.net/lists/fedora-devel/msg307707.html See: https://src.fedoraproject.org/rpms/openssh/pull-request/37# Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * change host key mode and owner in fedora and rhel9 Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * add missing host mode for rhel7 Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * harden all ssh host keys Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * skip linting rule Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> * correct grp for bsd is wheel Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com> --------- Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
---
# Platform variables for the SSH hardening role: binary and service names,
# file ownership, and feature flags. The tasks that consume these values
# are not part of this file.

# Location of the sshd binary and the name of its service unit.
sshd_path: /usr/sbin/sshd
sshd_service_name: ssh

# Owner and group for SSH files in general.
# NOTE(review): which files these apply to is decided by the role's tasks,
# not shown here - confirm.
ssh_owner: root
ssh_group: root

# Host keys: directory, ownership and permissions.
# root:root with mode 0600 leaves the key files readable and writable by
# root only, with no group or world access.
# The mode is quoted so YAML keeps it as the string "0600" instead of
# parsing it as a number.
ssh_host_keys_dir: /etc/ssh
ssh_host_keys_owner: root
ssh_host_keys_group: root
ssh_host_keys_mode: "0600"

# SELinux tooling packages.
# NOTE(review): presumably installed only when SELinux handling is needed -
# verify against the consuming task.
ssh_selinux_packages:
  - policycoreutils-python
  - checkpolicy

# true if the platform's SSH build supports Kerberos
ssh_kerberos_support: true

# true if the platform's SSH build has PAM support
ssh_pam_support: true

# Path to the moduli file, which holds the Diffie-Hellman group-exchange
# primes used by sshd.
sshd_moduli_file: /etc/ssh/moduli

# NOTE(review): the name suggests this toggles overriding a system-wide
# crypto policy for sshd; the consuming task is not shown - confirm before
# changing it.
sshd_disable_crypto_policy: false