evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 19 Releases 34 Wiki Activity

Release 9.10.0 #58

Merged
jlecour merged 68 commits from unstable into stable 2019-06-21 10:51:04 +02:00
Conversation 0 Commits 68 Files changed 79 +7 -6
3 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 890055753e - Show all commits

1
CHANGELOG.md
View file

@ -32,6 +32,7 @@ The **patch** part changes incrementally at each release.
* redmine: fix 500 error on logging
* evolinux-base: Validate sshd config with "-t" instead of "-T"
* evolinux-base: Ensure rename is present
* evolinux-users: Validate sshd config with "-t" instead of "-T"
### Security

4
evolinux-users/tasks/ssh_allowgroups.yml
View file

@ -14,7 +14,7 @@
dest: /etc/ssh/sshd_config
line: "\nAllowGroups {{ evolinux_ssh_group }}"
insertafter: 'Subsystem'
validate: '/usr/sbin/sshd -T -f %s'
validate: '/usr/sbin/sshd -t -f %s'
notify: reload sshd
when: grep_allowgroups_ssh.rc != 0
@ -23,6 +23,6 @@
dest: /etc/ssh/sshd_config
regexp: '^(AllowGroups ((?!\b{{ evolinux_ssh_group }}\b).)*)$'
replace: '\1 {{ evolinux_ssh_group }}'
validate: '/usr/sbin/sshd -T -f %s'
validate: '/usr/sbin/sshd -t -f %s'
notify: reload sshd
when: grep_allowgroups_ssh.rc == 0

8
evolinux-users/tasks/ssh_allowusers.yml
View file

@ -14,7 +14,7 @@
dest: /etc/ssh/sshd_config
line: "\nAllowUsers {{ user.name }}"
insertafter: 'Subsystem'
validate: '/usr/sbin/sshd -T -f %s'
validate: '/usr/sbin/sshd -t -f %s'
notify: reload sshd
when: grep_allowusers_ssh.rc != 0
@ -23,7 +23,7 @@
dest: /etc/ssh/sshd_config
regexp: '^(AllowUsers ((?!\b{{ user.name }}\b).)*)$'
replace: '\1 {{ user.name }}'
validate: '/usr/sbin/sshd -T -f %s'
validate: '/usr/sbin/sshd -t -f %s'
notify: reload sshd
when: grep_allowusers_ssh.rc == 0
@ -39,7 +39,7 @@
dest: /etc/ssh/sshd_config
line: "\nMatch User {{ user.name }}\n PasswordAuthentication no"
insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS"
validate: '/usr/sbin/sshd -T -f %s'
validate: '/usr/sbin/sshd -t -f %s'
notify: reload sshd
when: grep_matchuser_ssh.rc != 0
@ -48,6 +48,6 @@
dest: /etc/ssh/sshd_config
regexp: '^(Match User ((?!{{ user.name }}).)*)$'
replace: '\1,{{ user.name }}'
validate: '/usr/sbin/sshd -T -f %s'
validate: '/usr/sbin/sshd -t -f %s'
notify: reload sshd
when: grep_matchuser_ssh.rc == 0