Skip to content

rhel9stig_ssh_required variable not applied consistently #90

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
PrymalInstynct opened this issue Mar 29, 2025 · 1 comment · Fixed by #94
Open

rhel9stig_ssh_required variable not applied consistently #90

PrymalInstynct opened this issue Mar 29, 2025 · 1 comment · Fixed by #94
Assignees
@uk-bolly
Labels
bug Something isn't working

Comments

@PrymalInstynct
Copy link
Contributor

Have you checked ReadtheDocs?:

Describe the Issue
The variable rhel9stig_ssh_required is only used for 1 of the many sshd lockdown tasks

Expected Behavior
The rhel9stig_ssh_required variable is applied to all sshd related tasks so they can be skipped with a single variable update

Actual Behavior
If I am running a server that does not have openssh-server installed it will try to install openssh-server and the implement all of sshd related lockdowns.

Control(s) Affected

  • I disabled all of the openssh-server related tasks, leaving the installation of openssh-clients uneffected
    rhel_09_255010: false
    rhel_09_255015: false
    rhel_09_255025: false
    rhel_09_255030: false
    rhel_09_255035: false
    rhel_09_255040: false
    rhel_09_255045: false
    rhel_09_255050: false
    rhel_09_255055: false
    rhel_09_255060: false
    rhel_09_255080: false
    rhel_09_255085: false
    rhel_09_255090: false
    rhel_09_255095: false
    rhel_09_255100: false
    rhel_09_255105: false
    rhel_09_255110: false
    rhel_09_255115: false
    rhel_09_255120: false
    rhel_09_255125: false
    rhel_09_255130: false
    rhel_09_255135: false
    rhel_09_255140: false
    rhel_09_255145: false
    rhel_09_255150: false
    rhel_09_255155: false
    rhel_09_255160: false
    rhel_09_255165: false
    rhel_09_255170: false
    rhel_09_255175: false

Environment (please complete the following information):

  • branch being used: [e.g. devel]
  • Ansible Version: [e.g. 2.15.13]
  • Host Python Version: [e.g. Python 3.9.21]
  • Ansible Server Python Version: [e.g. Python 3.9.12]
  • Additional Details: N/A

Additional Notes
Anything additional goes here

Possible Solution
Update the above tasks to include the rhel9stig_ssh_required conditional
@PrymalInstynct PrymalInstynct added the bug Something isn't working label Mar 29, 2025
@PrymalInstynct PrymalInstynct mentioned this issue Mar 30, 2025
Merged
@uk-bolly uk-bolly self-assigned this Apr 2, 2025
@uk-bolly
Copy link
Member

uk-bolly commented Apr 2, 2025

hi @PrymalInstynct

Thank you for taking the time to raise issue and related PR. I like this change and happy to pull in.

Many thanks

uk-bolly

@uk-bolly uk-bolly linked a pull request Apr 2, 2025 that will close this issue
Sshd #94
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@uk-bolly uk-bolly

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Sshd PrymalInstynct/RHEL9-STIG-MPG
2 participants
@PrymalInstynct @uk-bolly