lint rewrite #435

Merged
merged 1 commit into from
Nov 15, 2023
2 changes: 1 addition & 1 deletion defaults/main/password.yml
Expand Up @@ -23,7 +23,7 @@ password_remember: 5
pwquality:
dcredit: -1
dictcheck: 1
dictpath: ''
dictpath: ""
difok: 8
enforce_for_root: true
enforcing: 1
8 changes: 4 additions & 4 deletions defaults/main/sshd.yml
Expand Up @@ -59,7 +59,7 @@ sshd_kex_algorithms:
- ecdh-sha2-nistp256
- diffie-hellman-group-exchange-sha256
sshd_listen:
- 0.0.0.0
- "0.0.0.0"
sshd_log_level: VERBOSE
sshd_login_grace_time: 20
sshd_macs:
Expand All @@ -73,7 +73,7 @@ sshd_match_local_ports: {}
sshd_match_users: {}
sshd_max_auth_tries: 3
sshd_max_sessions: 3
sshd_max_startups: '10:30:60'
sshd_max_startups: 10:30:60
sshd_password_authentication: false
sshd_permit_empty_passwords: false
sshd_permit_root_login: false
Expand All @@ -88,8 +88,8 @@ sshd_rekey_limit: 512M 1h
sshd_required_rsa_size: 2048
sshd_sftp_enabled: true
sshd_sftp_only_chroot: true
sshd_sftp_only_chroot_dir: '%h'
sshd_sftp_only_group: ''
sshd_sftp_only_chroot_dir: "%h"
sshd_sftp_only_group: ""
sshd_sftp_subsystem: internal-sftp -f LOCAL6 -l INFO
sshd_strict_modes: true
sshd_syslog_facility: AUTH
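Review bot: `sshd_max_startups: 10:30:60` is safer left quoted, assuming the unquoted line is the new side, as the print order of this page suggests. Under a YAML 1.1 resolver such as PyYAML's, a plain scalar made only of digits and colons is read as a base-60 integer when every field after the first is below 60; this default escapes that only because its last field is 60. An override written in the same unquoted style with a smaller last field (a constructed example: `10:30:50`) would load as an integer rather than the start:rate:full string that sshd's MaxStartups expects, which is presumably where this variable ends up. Keeping `sshd_max_startups: "10:30:60"` is consistent with the quoting applied to `"0.0.0.0"` and `"%h"` in the same file and keeps the pre-authentication connection throttle a string whatever numbers are chosen.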
4 changes: 2 additions & 2 deletions molecule/almalinux/molecule.yml
Expand Up @@ -20,15 +20,15 @@ provisioner:
almalinux8:
enable_timesyncd: false
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
suid_sgid_permissions: false
almalinux9:
enable_timesyncd: false
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
6 changes: 3 additions & 3 deletions molecule/debian/molecule.yml
Expand Up @@ -20,7 +20,7 @@ provisioner:
bookworm:
ansible_python_interpreter: /usr/bin/python3
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
Expand All @@ -30,7 +30,7 @@ provisioner:
ansible_become_pass: vagrant
ansible_python_interpreter: /usr/bin/python3
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
Expand All @@ -39,7 +39,7 @@ provisioner:
ansible_become_pass: vagrant
ansible_python_interpreter: /usr/bin/python3
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
10 changes: 5 additions & 5 deletions molecule/default/molecule.yml
Expand Up @@ -19,15 +19,15 @@ provisioner:
enable_timesyncd: false
install_aide: false
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
suid_sgid_permissions: false
almalinux9:
enable_timesyncd: false
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
Expand All @@ -36,7 +36,7 @@ provisioner:
ansible_python_interpreter: /usr/bin/python3
disable_wireless: false
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
Expand All @@ -46,7 +46,7 @@ provisioner:
disable_wireless: true
install_aide: false
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
Expand All @@ -56,7 +56,7 @@ provisioner:
block_blacklisted: true
disable_wireless: true
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
5 changes: 2 additions & 3 deletions molecule/default/verify.yml
Expand Up @@ -83,7 +83,7 @@

- name: Set ssh version as fact
ansible.builtin.set_fact:
ssh_installed_version: "{{ ssh_version.stderr | regex_search('^OpenSSH_([0-9+].[0-9]+)', '\\1') | join('.') | float }}" # noqa jinja[spacing]
ssh_installed_version: "{{ ssh_version.stderr | regex_search('^OpenSSH_([0-9+].[0-9]+)', '\\1') | join('.') | float }}" # noqa jinja[spacing]
tags:
- sshd
- sshd_config
Expand Down Expand Up @@ -323,8 +323,7 @@
_listenaddress: "{{ ['ListenAddress '] | product(sshd_listen) | map('join') | list }}"
_port: "{{ ['Port '] | product(sshd_ports) | map('join') | list }}"
ansible.builtin.set_fact:
sshd_config_parameters:
"{{ (sshd_config_parameters + _hostkey + _listenaddress + _port) | select() }}"
sshd_config_parameters: "{{ (sshd_config_parameters + _hostkey + _listenaddress + _port) | select() }}"

- name: Verify sshd configuration
become: true
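Review bot: The version pattern on the `ssh_installed_version` line, `^OpenSSH_([0-9+].[0-9]+)`, has the `+` inside the first character class and an unescaped `.`, so it accepts exactly one leading character and cannot match a two-digit major version such as `OpenSSH_10.0`. In that case `regex_search` finds nothing and the following `join`/`float` chain has no version to work with, so the sshd verification that depends on this fact would fail or run against a wrong value. The intent looks like `regex_search('^OpenSSH_([0-9]+[.][0-9]+)', '\\1')`, where `[.]` avoids adding another backslash escape inside the double-quoted YAML scalar. The tasks that consume the fact lie outside both hunks, so how it is compared is not visible here.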
2 changes: 1 addition & 1 deletion molecule/redhat/molecule.yml
Expand Up @@ -22,7 +22,7 @@ provisioner:
host_vars:
redhat:
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
2 changes: 1 addition & 1 deletion molecule/single/molecule.yml
Expand Up @@ -20,7 +20,7 @@ provisioner:
focal:
disable_ipv6: true
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
8 changes: 4 additions & 4 deletions molecule/ubuntu/molecule.yml
Expand Up @@ -19,25 +19,25 @@ provisioner:
host_vars:
focal:
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
jammy:
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
lunar:
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
mantic:
sshd_admin_net:
- 0.0.0.0/0
- "0.0.0.0/0"
sshd_allow_groups:
- vagrant
- sudo
2 changes: 1 addition & 1 deletion tasks/compilers_dnf_post_transaction_actions_plugin.yml
Expand Up @@ -5,7 +5,7 @@
block:
- name: Get package name rpm of binary file {{ item }}
become: true
ansible.builtin.command: rpm --query --queryformat='%{NAME}' --file {{ item }} # noqa command-instead-of-module
ansible.builtin.command: rpm --query --queryformat='%{NAME}' --file {{ item }} # noqa command-instead-of-module
register: compiler_package
changed_when: compiler_package.rc != 0
check_mode: false
14 changes: 7 additions & 7 deletions tasks/password.yml
Expand Up @@ -81,7 +81,7 @@
- name: Remove 'nullok'
ansible.builtin.replace:
path: "{{ item }}"
regexp: '\s*nullok'
regexp: \s*nullok
mode: "0644"
owner: root
group: root
Expand All @@ -99,8 +99,8 @@
- name: Set hashing algorithm for password
ansible.builtin.replace:
path: "{{ item }}"
regexp: '\s+(bigcrypt|blowfish|gost_yescrypt|md5|sha256|sha512|yescrypt)\s+'
replace: ' {{ password_algorithm }} '
regexp: \s+(bigcrypt|blowfish|gost_yescrypt|md5|sha256|sha512|yescrypt)\s+
replace: " {{ password_algorithm }} "
mode: "0644"
owner: root
group: root
Expand All @@ -116,8 +116,8 @@
- name: Set rounds
ansible.builtin.replace:
path: "{{ item }}"
regexp: '(\s+{{ password_algorithm }}.*?(?=\s+rounds=\d+|$))(\s+rounds=\d+)*'
replace: '\1 rounds={{ "65536" if (password_algorithm == "sha512") else "8" }}'
regexp: (\s+{{ password_algorithm }}.*?(?=\s+rounds=\d+|$))(\s+rounds=\d+)*
replace: \1 rounds={{ "65536" if (password_algorithm == "sha512") else "8" }}
mode: "0644"
owner: root
group: root
Expand All @@ -133,8 +133,8 @@
- name: Set remember
ansible.builtin.replace:
path: "{{ item }}"
regexp: '(\s+use_authtok.*?(?=\s+remember=\d+|$))(\s+remember=\d+)*'
replace: '\1 remember={{ password_remember }}'
regexp: (\s+use_authtok.*?(?=\s+remember=\d+|$))(\s+remember=\d+)*
replace: \1 remember={{ password_remember }}
mode: "0644"
owner: root
group: root
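Review bot: The `regexp:` and `replace:` values in these four `ansible.builtin.replace` tasks are more robust in single quotes than as plain scalars, assuming the unquoted variant of each line is the new side, as the print order suggests. A plain scalar is cut off at the first ` #`, fails or reparses on `: `, and changes meaning if it ever begins with `[`, `{`, `*`, `&` or `!`. A later edit to one of these patterns could therefore change which text is rewritten in the files behind `{{ item }}`, and the `nullok`, `rounds=` and `remember=` options suggest those are PAM configuration files. Single quotes keep backslashes literal and remove that class of surprise, e.g. `regexp: '\s*nullok'` and `replace: '\1 remember={{ password_remember }}'`. Each task continues past its hunk, so the loop that supplies `item` is not visible here.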
4 changes: 2 additions & 2 deletions tasks/sysctl.yml
Expand Up @@ -8,8 +8,8 @@
- name: Template the sysctl file with general sysctl hardening settings
become: true
ansible.builtin.template:
src: '{{ sysctl_main_config_template }}'
dest: '{{ sysctl_conf_dir }}/zz-main-hardening.conf'
src: "{{ sysctl_main_config_template }}"
dest: "{{ sysctl_conf_dir }}/zz-main-hardening.conf"
mode: "0755"
owner: root
group: root