ansible-collection-hardening

Complete tests for SSH hardening

Open schurzi opened this issue 1 year ago • 0 comments

Description

Our current test case does not support openSUSE Linux.

Solution

We want to adapt the test in a way that supports these Linux flavors.

Alternatives

No response

Additional information

Currently the tests fail on a PAM task. (https://github.com/dev-sec/ansible-collection-hardening/actions/runs/4664154812/jobs/8256308779)

  TASK [devsec.hardening.ssh_hardening : Disable dynamic MOTD] *******************
  Tuesday 11 April 2023  05:40:29 +0000 (0:00:01.184)       0:00:07.648 *********
  fatal: [instance]: FAILED! => {"changed": false, "msg": "Unable to open/read PAM module file /etc/pam.d/sshd with error [Errno 2] No such file or directory: '/etc/pam.d/sshd'."}

It seems that openSUSE has its config files in different locations. I could identify some alternative paths, but this needs verification.

  • ssh config is in /usr/etc/ssh/
  • PAM files are in /usr/lib/pam.d/

schurzi, Apr 11 '23 12:04
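Added example (not part of the issue and not the project's code): a small POSIX shell check that reports which sshd PAM file and `sshd_config` are actually present under a given filesystem root, so the alternative paths named above can be verified on a test image. The function names are hypothetical, the `/usr/lib/pam.d` and `/usr/etc/ssh` candidates come from the issue and are unverified there, and checking `/etc` first is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: resolve the sshd PAM and config files under a filesystem root.
# Candidate paths are taken from the issue text (unverified there); the
# /etc-before-/usr lookup order is an assumption of this sketch.

# find_first ROOT PATH... : print the first PATH that is a readable regular
# file under ROOT; return 1 if none of the candidates exists.
find_first() {
    root=$1
    shift
    for candidate in "$@"; do
        if [ -f "${root}${candidate}" ] && [ -r "${root}${candidate}" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Path that a PAM-editing task should target for the sshd service.
sshd_pam_file() {
    find_first "$1" /etc/pam.d/sshd /usr/lib/pam.d/sshd
}

# Path of the sshd configuration file.
sshd_config_file() {
    find_first "$1" /etc/ssh/sshd_config /usr/etc/ssh/sshd_config
}

# Print both results; return non-zero if either file is missing, which is
# the situation behind the "No such file or directory" failure above.
report_sshd_paths() {
    rc=0
    pam=$(sshd_pam_file "$1") || { pam="(not found)"; rc=1; }
    cfg=$(sshd_config_file "$1") || { cfg="(not found)"; rc=1; }
    printf 'pam=%s\nsshd_config=%s\n' "$pam" "$cfg"
    return "$rc"
}

# Constructed sample tree mimicking the layout described in the issue.
demo=$(mktemp -d)
mkdir -p "$demo/usr/lib/pam.d" "$demo/usr/etc/ssh"
: > "$demo/usr/lib/pam.d/sshd"
: > "$demo/usr/etc/ssh/sshd_config"
report_sshd_paths "$demo"
rm -rf "$demo"
```

On a real host or container, call `report_sshd_paths ""` to check the live filesystem.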