12 changes: 6 additions & 6 deletions tasks/hardening.yml
Expand Up @@ -26,7 +26,7 @@
owner: '{{ ssh_owner }}'
group: '{{ ssh_group }}'
notify: restart sshd
when: ssh_server_hardening
when: ssh_server_hardening | bool

- name: create sshd_config and set permissions to root/600
template:
Expand All @@ -37,7 +37,7 @@
group: '{{ ssh_group }}'
validate: '/usr/sbin/sshd -T -C user=root -C host=localhost -C addr=localhost -f %s'
notify: restart sshd
when: ssh_server_hardening
when: ssh_server_hardening | bool

- name: create ssh_config and set permissions to root/644
template:
Expand All @@ -46,7 +46,7 @@
mode: '0644'
owner: '{{ ssh_owner }}'
group: '{{ ssh_group }}'
when: ssh_client_hardening
when: ssh_client_hardening | bool

- name: Check if {{ sshd_moduli_file }} contains weak DH parameters
shell: awk '$5 < {{ sshd_moduli_minimum }}' {{ sshd_moduli_file }}
Expand All @@ -67,9 +67,9 @@
- name: include tasks to setup 2FA
include_tasks: 2fa.yml
when:
- ssh_use_pam
- ssh_challengeresponseauthentication
- ssh_google_auth
- ssh_use_pam | bool
- ssh_challengeresponseauthentication | bool
- ssh_google_auth | bool

- name: include selinux specific tasks
include_tasks: selinux.yml
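Review bot: The `| bool` filter added to each `when:` in this file (the ssh_server_hardening, ssh_client_hardening and 2FA conditions) fails open: Ansible's bool filter has historically mapped any unrecognised string, such as a misspelt `"ture"` or an empty value from a vars file, to false, so a bad inventory value silently skips the hardening instead of stopping the play. The same applies to `ssh_hardening_enabled | bool` in tasks/main.yml and to the two `ssh_use_pam | bool` conditions in tasks/selinux.yml. A cheap guard is one `assert` task at the start of the role that checks each toggle is an accepted boolean spelling, e.g. `that: ssh_server_hardening | string | lower in ['true', 'false', 'yes', 'no', 'on', 'off', '1', '0']`, so a typo fails loudly rather than quietly disabling the hardening. The tasks carrying the first three conditions begin above their hunks (only the tail of each `template:` block is visible), so the assert's exact placement has to be checked against the full file.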
2 changes: 1 addition & 1 deletion tasks/main.yml
@@ -1,4 +1,4 @@
---

- include_tasks: hardening.yml
when: ssh_hardening_enabled
when: ssh_hardening_enabled | bool
4 changes: 2 additions & 2 deletions tasks/selinux.yml
Expand Up @@ -57,10 +57,10 @@
- name: install selinux policy
command: semodule -i {{ ssh_custom_selinux_dir }}/ssh_password.pp

when: not ssh_use_pam and ssh_password_module.stdout.find('ssh_password') != 0
when: not ssh_use_pam | bool and ssh_password_module.stdout.find('ssh_password') != 0

# The following tasks only get executed when selinux is installed, UsePam is 'yes' and the ssh_password module is installed.
# See http://danwalsh.livejournal.com/12333.html for more info
- name: remove selinux-policy when Pam is used, because Allowing sshd to read the shadow file directly is considered a potential security risk
command: semodule -r ssh_password
when: ssh_use_pam and ssh_password_module.stdout.find('ssh_password') == 0
when: ssh_use_pam | bool and ssh_password_module.stdout.find('ssh_password') == 0
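Review bot: `not ssh_use_pam | bool and ...` on the first rewritten `when:` relies on Jinja2 binding the filter tighter than `not`, which gives the intended `not (ssh_use_pam | bool)` but is easy to misread as `(not ssh_use_pam) | bool`; parentheses make the precedence explicit: `when: not (ssh_use_pam | bool) and ssh_password_module.stdout.find('ssh_password') != 0`. While these two lines are being touched, the carried-over `stdout.find('ssh_password') != 0` test deserves a second look: `find` returns -1 when the name is absent, so the condition is true whenever 'ssh_password' is not at offset 0 of the output, and `'ssh_password' not in ssh_password_module.stdout` (with `in` on the second task) would state the check directly. That rewrite assumes the registered command output is a plain module listing, which is not visible in this hunk and should be confirmed against the task that registers ssh_password_module.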