ansible-collection-hardening
ansible-collection-hardening copied to clipboard
Complete tests for SSH hardening
Description
Our current testcase does not support opensuse
linux.
Solution
We want to adapt the test in a way, that supports these linux flavors.
Alternatives
No response
Additional information
Currently the tests fail on a PAM task. (https://github.com/dev-sec/ansible-collection-hardening/actions/runs/4664154812/jobs/8256308779)
TASK [devsec.hardening.ssh_hardening : Disable dynamic MOTD] *******************
Tuesday 11 April 2023 05:40:29 +0000 (0:00:01.184) 0:00:07.648 *********
fatal: [instance]: FAILED! => {"changed": false, "msg": "Unable to open/read PAM module file /etc/pam.d/sshd with error [Errno 2] No such file or directory: '/etc/pam.d/sshd'."}
It seems that opensuse has it's config files in different locations. I could identify some alternative paths, but this needs verification
- ssh config is in
/usr/etc/ssh/
- PAM files are in
/usr/lib/pam.d/