AMAZON2-CIS

Task 5.3.16 Ensure SSH Idle Timeout Interval is configured

Open msachikanta opened this issue 1 month ago • 0 comments

Feature Request or Enhancement: Is it possible to implement the following enhancement? I am referring to tag version 1.2.1.

  • Enhancement

In section_5 --> cis_5.3.x.yml --> Task 5.3.16 Ensure SSH Idle Timeout Interval is configured, can the line (number 300) below:

line: "ClientAliveCountMax 0"

be replaced with:

line: "ClientAliveCountMax {{ amazon2cis_sshd['clientalivecountmax'] }}"

I see the variable is already available in the defaults/main.yml file, as shown below:

amazon2cis_sshd:
    # clientalivecountmax: 0

It just needs to be uncommented.

Summary of Request: The above change will allow us to set a custom value for the ClientAliveCountMax setting in the SSHD configuration.

Describe alternatives you've considered: I can't find any alternative method since the value 0 is hard-coded.

Suggested Code: The code can be amended as shown below to allow us to set a custom value for the ClientAliveCountMax setting in the SSHD configuration.

line: "ClientAliveCountMax {{ amazon2cis_sshd['clientalivecountmax'] }}"

msachikanta, May 15 '24 11:05
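
A sketch of how the requested change could look in the role, added here as an example and not taken from the AMAZON2-CIS code: only the `line:` value and the `amazon2cis_sshd['clientalivecountmax']` variable come from the issue, while the task names, file path, regexp, validation step and handler name are assumptions.

```yaml
---
# defaults/main.yml (assumed shape; the issue shows only the commented-out key)
amazon2cis_sshd:
  clientalivecountmax: 0   # uncommented so the templated line always resolves

---
# tasks file (illustrative tasks, not the role's actual task 5.3.16)
- name: "5.3.16 | Check that the ClientAliveCountMax value is a plain non-negative integer"
  ansible.builtin.assert:
    that:
      # Rejects strings, negative numbers and embedded newlines, so the
      # variable cannot smuggle extra directives into sshd_config
      - (amazon2cis_sshd['clientalivecountmax'] | default(0) | string) is match('^[0-9]+$')
    fail_msg: "amazon2cis_sshd.clientalivecountmax must be a non-negative integer"

- name: "5.3.16 | Ensure SSH Idle Timeout Interval is configured | ClientAliveCountMax"
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config          # assumed location
    regexp: '^#?\s*ClientAliveCountMax\s'
    # default(0) keeps the previously hard-coded value when the key is undefined
    line: "ClientAliveCountMax {{ amazon2cis_sshd['clientalivecountmax'] | default(0) }}"
    # Do not install a configuration that sshd itself cannot parse
    validate: /usr/sbin/sshd -t -f %s
  notify: restart sshd                  # hypothetical handler name
```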