From f18674d1e834bd27f66838e330da235efbf1453f Mon Sep 17 00:00:00 2001
From: Simon Baerlocher
Date: Fri, 2 Sep 2022 18:07:40 +0200
Subject: [PATCH] add centos >8 Support
Signed-off-by: Simon Baerlocher
---
roles/ssh_hardening/vars/CentOS_8.yml | 23 +++++++++++++++++++++++
roles/ssh_hardening/vars/CentOS_9.yml | 23 +++++++++++++++++++++++
2 files changed, 46 insertions(+)
create mode 100644 roles/ssh_hardening/vars/CentOS_8.yml
create mode 100644 roles/ssh_hardening/vars/CentOS_9.yml
diff --git a/roles/ssh_hardening/vars/CentOS_8.yml b/roles/ssh_hardening/vars/CentOS_8.yml
new file mode 100644
index 000000000..6bafe8c7f
--- /dev/null
+++ b/roles/ssh_hardening/vars/CentOS_8.yml
@@ -0,0 +1,23 @@
+---
+sshd_path: /usr/sbin/sshd
+ssh_host_keys_dir: '/etc/ssh'
+sshd_service_name: sshd
+ssh_owner: root
+ssh_group: root
+ssh_host_keys_owner: 'root'
+ssh_host_keys_group: 'ssh_keys'
+ssh_selinux_packages:
+ - policycoreutils-python-utils
+ - checkpolicy
+
+# true if SSH support Kerberos
+ssh_kerberos_support: true
+
+# true if SSH has PAM support
+ssh_pam_support: true
+
+sshd_moduli_file: '/etc/ssh/moduli'
+
+# disable CRYPTO_POLICY to take settings from sshd configuration
+# see: https://access.redhat.com/solutions/4410591
+sshd_disable_crypto_policy: true
diff --git a/roles/ssh_hardening/vars/CentOS_9.yml b/roles/ssh_hardening/vars/CentOS_9.yml
new file mode 100644
index 000000000..6bafe8c7f
--- /dev/null
+++ b/roles/ssh_hardening/vars/CentOS_9.yml
@@ -0,0 +1,23 @@
+---
+sshd_path: /usr/sbin/sshd
+ssh_host_keys_dir: '/etc/ssh'
+sshd_service_name: sshd
+ssh_owner: root
+ssh_group: root
+ssh_host_keys_owner: 'root'
+ssh_host_keys_group: 'ssh_keys'
+ssh_selinux_packages:
+ - policycoreutils-python-utils
+ - checkpolicy
+
+# true if SSH support Kerberos
+ssh_kerberos_support: true
+
+# true if SSH has PAM support
+ssh_pam_support: true
+
+sshd_moduli_file: '/etc/ssh/moduli'
+
+# disable CRYPTO_POLICY to take settings from sshd configuration
+# see: https://access.redhat.com/solutions/4410591
+sshd_disable_crypto_policy: true
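Review bot: The `sshd_disable_crypto_policy: true` setting and its comment in CentOS_9.yml describe the EL8 opt-out and may not take effect on EL9; the file is byte-identical to CentOS_8.yml (same blob 6bafe8c7f). On EL8 the system policy reaches sshd through the `CRYPTO_POLICY` variable, whereas EL9 pulls it in with an `Include` from a drop-in under `/etc/ssh/sshd_config.d/`, so an opt-out written for EL8 could leave the system policy's Ciphers/MACs/KexAlgorithms in force and the role's hardened values unused. How the role acts on this variable is not visible in this patch, so this needs checking on a CentOS Stream 9 host by comparing `sshd -T` output with the role's configured algorithms. If it holds, I would change the comment in CentOS_9.yml to `# EL9 loads crypto-policies via Include in /etc/ssh/sshd_config.d/; the role must override it there` and cover that case in the tasks.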