4.2.16: Add variable for SSH MaxAuthTries (#66)
Signed-off-by: Tom Henderson <[email protected]>
tom-henderson authored Mar 26, 2024
1 parent 2f5391b commit b52bde5
Showing 2 changed files with 6 additions and 1 deletion.
5 changes: 5 additions & 0 deletions defaults/main.yml
Expand Up @@ -858,6 +858,11 @@ amzn2023cis_sshd:
# in legacy environments;
amzn2023cis_ssh_loglevel: INFO

## Control 4.2.16 - Ensure SSH MaxAuthTries is set to 4 or less
# This variable contains the maximum number of authentication attempts permitted
# per connection. This number should be 10 or less.
amzn2023cis_ssh_maxsauthtries: 4

## Control 4.2.18 - Ensure SSH MaxSessions is set to 10 or less
# This variable contains the maximum number of open sessions permitted
# from a given connection. This number should be 10 or less.
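Review bot: The new comment line "per connection. This number should be 10 or less." contradicts the control title two lines above it ("Ensure SSH MaxAuthTries is set to 4 or less"); it looks carried over from the MaxSessions comment that follows. Change it to "4 or less" so an operator overriding the default is not told that values up to 10 are acceptable for this control. Separately, the variable name `amzn2023cis_ssh_maxsauthtries` has a stray "s" after "max"; `amzn2023cis_ssh_maxauthtries` would match the directive name, and the rename has to be made in tasks/section_4/cis_4.2.x.yml as well, since the task references the same name.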
2 changes: 1 addition & 1 deletion tasks/section_4/cis_4.2.x.yml
Expand Up @@ -353,7 +353,7 @@
ansible.builtin.lineinfile:
path: "{{ item.path }}"
regexp: '^(#)?MaxAuthTries \d'
line: 'MaxAuthTries 4'
line: 'MaxAuthTries {{ amzn2023cis_ssh_maxsauthtries }}'
validate: sshd -t -f %s
with_items:
- "{{ sshd_d_conf_files.files }}"
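Review bot: Nothing bounds the value interpolated into `line: 'MaxAuthTries {{ amzn2023cis_ssh_maxsauthtries }}'`, so an override above 4 is written out and still passes `validate: sshd -t -f %s`, which checks that the file is valid sshd configuration, not that it meets control 4.2.16. Consider an `ansible.builtin.assert` ahead of this task that the variable is an integer between 1 and 4, or state in defaults/main.yml that larger values are a deliberate deviation from the benchmark. Also note that the unchanged `regexp: '^(#)?MaxAuthTries \d'` only matches the directive followed by exactly one space and a digit; a line using a tab or several spaces will not be replaced and a second MaxAuthTries line will be appended instead.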