From fee167ba2523fdc66ef5b02d7bd0d219a3e91351 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Tue, 4 Jun 2024 10:06:17 +0100
Subject: [PATCH 1/2] Issues #28 addressed thansk to @msachikanta

Signed-off-by: Mark Bolwell
---
 defaults/main.yml | 2 +-
 tasks/section_5/cis_5.3.x.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 91ff01c..61bff4b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -411,7 +411,7 @@ amazon2cis_ssh_loglevel: INFO
 # To conform to CIS standards this value nees to be 10 or less
 amazon2cis_ssh_maxsessions: 10
 amazon2cis_sshd:
- # clientalivecountmax: 0
+ clientalivecountmax: 0
 # clientaliveinterval shoudl be between 1 and 900
 clientaliveinterval: 300
 ciphers: "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr"
diff --git a/tasks/section_5/cis_5.3.x.yml b/tasks/section_5/cis_5.3.x.yml
index 1e84d3a..70e901c 100644
--- a/tasks/section_5/cis_5.3.x.yml
+++ b/tasks/section_5/cis_5.3.x.yml
@@ -297,7 +297,7 @@
 lineinfile:
 path: /etc/ssh/sshd_config
 regexp: '^ClientAliveCountMax'
- line: "ClientAliveCountMax 0"
+ line: "ClientAliveCountMax {{ amazon2cis_sshd['clientalivecountmax'] }}"
 notify: restart sshd
 when:
 - amazon2cis_rule_5_3_16

From 90f5b0f0059312cc599fe08145e1cc6d94b6be65 Mon Sep 17 00:00:00 2001
From: Mark Bolwell
Date: Tue, 4 Jun 2024 10:08:55 +0100
Subject: [PATCH 2/2] addressed issue #29 thanks to @msachikanta

Signed-off-by: Mark Bolwell
---
 tasks/section_1/cis_1.4.x.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/section_1/cis_1.4.x.yml b/tasks/section_1/cis_1.4.x.yml
index 953e582..65251f2 100644
--- a/tasks/section_1/cis_1.4.x.yml
+++ b/tasks/section_1/cis_1.4.x.yml
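Review bot: The newly enabled `clientalivecountmax: 0` default carries no comment on what the value means, while the neighbouring `clientaliveinterval` key does, and 0 is precisely the value whose effect depends on the OpenSSH release: on the OpenSSH 7.x that Amazon Linux 2 ships it ends an idle session after the first unanswered alive probe, whereas OpenSSH 8.2 and later (as I recall from its release notes; please verify against the target version) treat 0 as "never terminate", which quietly defeats the idle-timeout control this rule exists for. A comment above the key would spare the next reader that research, e.g. `# clientalivecountmax: 0 ends an idle session after one unanswered probe on OpenSSH < 8.2; on 8.2+ a value of 0 disables termination, so use a small positive count there`. Stating the accepted range the way the clientaliveinterval comment does would also help.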
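Review bot: The value interpolated into `line` on the `+` line reaches sshd_config unvalidated, and with `notify: restart sshd` two lines below, a bad `amazon2cis_sshd['clientalivecountmax']` (empty, non-numeric, a stray quote) is only discovered when sshd fails to come back — on a remote host that is a lockout. lineinfile's `validate` parameter runs a check on the candidate file before it is moved into place, so adding `validate: /usr/sbin/sshd -t -f %s` to this module call turns that into a failed task instead of a dead service. The same guard is worth applying to any sibling lineinfile tasks in this file that template values into sshd_config, if there are any. The task's name and module header lie above the hunk.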
@@ -28,7 +28,7 @@
 lineinfile:
 dest: /usr/lib/systemd/system/rescue.service
 regexp: '/sbin/sulogin'
- line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default'
+ line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
 when:
 - amazon2cis_rule_1_4_2
 - ansible_facts['distribution_major_version'] is version('2', '>=')
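Review bot: Nothing in this hunk triggers a `systemctl daemon-reload` after the corrected `ExecStart` is written to `/usr/lib/systemd/system/rescue.service`, so the manager keeps the previously loaded unit until something else reloads it; if a daemon-reload handler is notified outside the hunk, treat this as a documentation point only. Since the previous version of this very line shipped with an unbalanced quote and nothing caught it, a follow-up task running `systemd-analyze verify /usr/lib/systemd/system/rescue.service` would catch the next such slip before rescue mode is needed, or at minimum a comment on the task noting that the value is a complete `sh -c` command whose quoting must stay balanced. Editing the package-owned unit in place also means the change is lost on the next systemd update; a drop-in under `/etc/systemd/system/rescue.service.d/` would persist, but that is a larger change than this fix. The task's name and any notify sit outside the hunk.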