forked from evolix/ansible-roles
parent
75a8c90258
commit
890055753e
|
@ -32,6 +32,7 @@ The **patch** part changes incrementally at each release.
|
||||||
* redmine: fix 500 error on logging
|
* redmine: fix 500 error on logging
|
||||||
* evolinux-base: Validate sshd config with "-t" instead of "-T"
|
* evolinux-base: Validate sshd config with "-t" instead of "-T"
|
||||||
* evolinux-base: Ensure rename is present
|
* evolinux-base: Ensure rename is present
|
||||||
|
* evolinux-users: Validate sshd config with "-t" instead of "-T"
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
line: "\nAllowGroups {{ evolinux_ssh_group }}"
|
line: "\nAllowGroups {{ evolinux_ssh_group }}"
|
||||||
insertafter: 'Subsystem'
|
insertafter: 'Subsystem'
|
||||||
validate: '/usr/sbin/sshd -T -f %s'
|
validate: '/usr/sbin/sshd -t -f %s'
|
||||||
notify: reload sshd
|
notify: reload sshd
|
||||||
when: grep_allowgroups_ssh.rc != 0
|
when: grep_allowgroups_ssh.rc != 0
|
||||||
|
|
||||||
|
@ -23,6 +23,6 @@
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
regexp: '^(AllowGroups ((?!\b{{ evolinux_ssh_group }}\b).)*)$'
|
regexp: '^(AllowGroups ((?!\b{{ evolinux_ssh_group }}\b).)*)$'
|
||||||
replace: '\1 {{ evolinux_ssh_group }}'
|
replace: '\1 {{ evolinux_ssh_group }}'
|
||||||
validate: '/usr/sbin/sshd -T -f %s'
|
validate: '/usr/sbin/sshd -t -f %s'
|
||||||
notify: reload sshd
|
notify: reload sshd
|
||||||
when: grep_allowgroups_ssh.rc == 0
|
when: grep_allowgroups_ssh.rc == 0
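Review bot: `sshd -t` on these two `validate:` lines only confirms that the edited file parses and that the host keys are sane, so it cannot tell whether the resulting `AllowGroups` line still admits the accounts that need SSH. When an `AllowUsers` line is also present in the same file (later tasks in this commit maintain one), sshd enforces both lists and a login has to satisfy each, so adding the group here can narrow access while validation still passes. Both tasks start above their hunks, so any guard for that case is not visible. If there is none, a comment above the tasks such as `# sshd -t checks syntax only; with AllowUsers also set, a login must match both lists` would record the constraint.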
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
line: "\nAllowUsers {{ user.name }}"
|
line: "\nAllowUsers {{ user.name }}"
|
||||||
insertafter: 'Subsystem'
|
insertafter: 'Subsystem'
|
||||||
validate: '/usr/sbin/sshd -T -f %s'
|
validate: '/usr/sbin/sshd -t -f %s'
|
||||||
notify: reload sshd
|
notify: reload sshd
|
||||||
when: grep_allowusers_ssh.rc != 0
|
when: grep_allowusers_ssh.rc != 0
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
regexp: '^(AllowUsers ((?!\b{{ user.name }}\b).)*)$'
|
regexp: '^(AllowUsers ((?!\b{{ user.name }}\b).)*)$'
|
||||||
replace: '\1 {{ user.name }}'
|
replace: '\1 {{ user.name }}'
|
||||||
validate: '/usr/sbin/sshd -T -f %s'
|
validate: '/usr/sbin/sshd -t -f %s'
|
||||||
notify: reload sshd
|
notify: reload sshd
|
||||||
when: grep_allowusers_ssh.rc == 0
|
when: grep_allowusers_ssh.rc == 0
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
line: "\nMatch User {{ user.name }}\n PasswordAuthentication no"
|
line: "\nMatch User {{ user.name }}\n PasswordAuthentication no"
|
||||||
insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS"
|
insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS"
|
||||||
validate: '/usr/sbin/sshd -T -f %s'
|
validate: '/usr/sbin/sshd -t -f %s'
|
||||||
notify: reload sshd
|
notify: reload sshd
|
||||||
when: grep_matchuser_ssh.rc != 0
|
when: grep_matchuser_ssh.rc != 0
|
||||||
|
|
||||||
|
@ -48,6 +48,6 @@
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
regexp: '^(Match User ((?!{{ user.name }}).)*)$'
|
regexp: '^(Match User ((?!{{ user.name }}).)*)$'
|
||||||
replace: '\1,{{ user.name }}'
|
replace: '\1,{{ user.name }}'
|
||||||
validate: '/usr/sbin/sshd -T -f %s'
|
validate: '/usr/sbin/sshd -t -f %s'
|
||||||
notify: reload sshd
|
notify: reload sshd
|
||||||
when: grep_matchuser_ssh.rc == 0
|
when: grep_matchuser_ssh.rc == 0
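Review bot: The `Match User` regexp in the last hunk, `'^(Match User ((?!{{ user.name }}).)*)$'`, has no `\b` around the name, unlike the `AllowUsers` regexp two hunks earlier, so a name that is a substring of one already listed (constructed example: `bob` with `bobby` present) counts as present and is not appended. That account would then stay outside the `Match User … PasswordAuthentication no` block, and `sshd -t` still passes because the file remains syntactically valid. Suggest `regexp: '^(Match User ((?!\b{{ user.name }}\b).)*)$'`; passing the name through `regex_escape` in these patterns would also keep a `.` in a login name from acting as a wildcard. The task starts above the hunk and `grep_matchuser_ssh` is registered outside it, so the grep should be checked for the same substring behaviour.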
|
||||||
|
|