3 files changed +36 -11
lines changed Original file line number Diff line number Diff line change @@ -66,10 +66,10 @@ platforms:
6666 driver :
6767 image : rndmh3ro/docker-debian8-ansible:latest
6868 platform : debian
69- - name : debian9-ansible-latest
70- driver :
71- image : rndmh3ro/docker-debian9-ansible:latest
72- platform : debian
69+ # - name: debian9-ansible-latest
70+ # driver:
71+ # image: rndmh3ro/docker-debian9-ansible:latest
72+ # platform: debian
7373
7474verifier :
7575 name : inspec
@@ -78,4 +78,4 @@ verifier:
7878 - https://github.com/dev-sec/ssh-baseline
7979
8080suites :
81- - name : ssh
81+ - name : ssh
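Review bot: The `debian9-ansible-latest` platform at lines 69–72 is commented out rather than removed, and nothing on the visible lines records why it was disabled or when it should return; the same applies to the `debian9` matrix entry at lines 45–48 of the next file section. A one-line comment above each block, such as `# debian9 disabled: <reason or tracking issue>`, would keep the gap from becoming permanent. While the entry is disabled, the `ssh-baseline` inspec profile no longer runs against that distribution, so regressions in the generated sshd configuration there would go unnoticed.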
Original file line number Diff line number Diff line change 4242 run_opts : " --privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
4343 init : /sbin/init
4444
45- - distro : debian9
46- version : latest
47- init : /lib/systemd/systemd
48- run_opts : " --privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
45+ # - distro: debian9
46+ # version: latest
47+ # init: /lib/systemd/systemd
48+ # run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
4949
5050
5151before_install :
Original file line number Diff line number Diff line change 11---
2- - name : add the OS specific variables
3- include_vars : " {{ ansible_os_family }}.yml"
2+ - name : Set OS dependent variables
3+ include_vars : " {{ item }}"
4+ with_first_found :
5+ - " {{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"
6+ - " {{ ansible_distribution }}.yml"
7+ - " {{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
8+ - " {{ ansible_os_family }}.yml"
9+
10+ - name : get openssh-version
11+ shell : ssh -V 2>&1 | sed -r 's/.*_([0-9]*\.[0-9]).*/\1/g'
12+ changed_when : false
13+ register : sshd_version
14+
15+ - name : set hostkeys according to openssh-version
16+ set_fact :
17+ ssh_host_key_files : ['/etc/ssh/ssh_host_rsa_key']
18+ when : sshd_version.stdout >= '5.3'
19+
20+ - name : set hostkeys according to openssh-version
21+ set_fact :
22+ ssh_host_key_files : ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key']
23+ when : sshd_version.stdout >= '6.0'
24+
25+ - name : set hostkeys according to openssh-version
26+ set_fact :
27+ ssh_host_key_files : ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']
28+ when : sshd_version.stdout >= '6.3'
429
530- name : create sshd_config and set permissions to root/600
631 template : src='opensshd.conf.j2' dest='/etc/ssh/sshd_config' mode=0600 owner=root group=root validate="/usr/sbin/sshd -T -f %s"
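Review bot: The three `when:` conditions at lines 18, 23 and 28 compare `sshd_version.stdout` with `'5.3'`, `'6.0'` and `'6.3'` as strings, so the ordering is lexicographic: a constructed value such as `10.0` sorts below `5.3`, none of the `set_fact` tasks would run, and `ssh_host_key_files` would keep whatever default is defined outside this hunk. A version-aware comparison avoids that, e.g. `when: sshd_version.stdout | version_compare('6.3', '>=')` on each task (the `version` test in newer Ansible releases). The `sed` expression at line 11 prints the whole `ssh -V` line unchanged when the pattern does not match, so the task should fail on unexpected output instead of feeding it into the comparisons. Because `shell` tasks are skipped in check mode, the later conditions would presumably hit an undefined `stdout` there; confirm this and mark the task to always run if so.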