
RFE: Allow removing unrecognized sshd configuration files

Open myllynen opened this issue 1 year ago • 2 comments

In case there's a configuration file present in the sshd_config.d directory, the role-configured options do not necessarily get used if the unexpected configuration file has higher priority.

It would be nice to be able to have the role remove all unrecognised configuration files from sshd_config.d. On RHEL, for instance, there might be a few non-role configuration files created by security hardening tools such as oscap(8) which would be ok to be left in place, whereas something like 0-test.conf or 0-rogue.conf should be removed.

Thanks.

myllynen (Sep 14 '23 06:09)

From the point of view of design, we could have a variable (e.g. preserve_fragment_filenames) which by default is null. If set to a list, remove all files from the config dir that do not match regexes in the list. This will allow for pre/suffixes for other tools etc.

How does that sound as a solution?

mattwillsher (Sep 14 '23 07:09)

Thanks for looking into this. Yes, that sounds like a good approach here.

myllynen (Sep 18 '23 12:09)
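The selection logic proposed in the thread, sketched as a dry-run planner. This is an added example, not code from the ansible-sshd role or its maintainers. Assumptions: the function name `plan_fragment_cleanup`, whole-name regex matching, an `Include` of `*.conf` only, and the constructed file names `00-role.conf` and `50-hardening.conf`.

```python
import re
import tempfile
from pathlib import Path


def plan_fragment_cleanup(config_dir, preserve_fragment_filenames=None):
    """Return (keep, remove) lists of *.conf names in config_dir.

    None (the proposed default) disables cleanup. A list of regexes marks
    every fragment that matches none of them for removal.
    """
    # Assumption: the main config includes sshd_config.d/*.conf, so only
    # *.conf files count. sorted() mirrors the lexical order in which sshd
    # processes included files; the first value seen for a keyword wins.
    fragments = sorted(p.name for p in Path(config_dir).glob("*.conf") if p.is_file())
    if preserve_fragment_filenames is None:
        return fragments, []
    patterns = [re.compile(rx) for rx in preserve_fragment_filenames]
    keep, remove = [], []
    for name in fragments:
        # Assumption: a pattern has to match the whole file name.
        preserved = any(rx.fullmatch(name) for rx in patterns)
        (keep if preserved else remove).append(name)
    return keep, remove


def demo():
    """Plan a cleanup over a constructed drop-in directory."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample: 0-rogue.conf and 0-test.conf are the names
        # from the issue; the other names are made up for this example.
        for name in ("0-rogue.conf", "0-test.conf", "00-role.conf",
                     "50-hardening.conf", "README"):
            Path(tmp, name).write_text("# constructed sample\n")
        disabled = plan_fragment_cleanup(tmp)
        enabled = plan_fragment_cleanup(
            tmp, [r"00-role\.conf", r"\d+-hardening\.conf"])
        return disabled, enabled


if __name__ == "__main__":
    disabled, enabled = demo()
    print("cleanup disabled, all kept:", disabled[0])
    print("keep:", enabled[0])
    print("remove:", enabled[1])
```

Note that an empty list preserves nothing, so every fragment lands in the removal list; only `None` turns the feature off.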