Improve infra-run portfolio credibility

2026-05-08 21:18:22 +00:00
parent deb12a0b4f
commit ca5a876d03
87 changed files with 462 additions and 531 deletions
@@ -33,7 +33,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^PermitRootLogin\s+'
    line: "PermitRootLogin {{ 'no' if cis_disable_root_login | bool else 'prohibit-password' }}"
-    validate: sshd -t -f %s
  notify:
    - validate ssh
    - restart ssh
@@ -43,7 +42,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^PermitEmptyPasswords\s+'
    line: "PermitEmptyPasswords no"
-    validate: sshd -t -f %s
  notify:
    - validate ssh
    - restart ssh
@@ -53,7 +51,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^PasswordAuthentication\s+'
    line: "PasswordAuthentication {{ 'no' if cis_disable_password_auth | bool else 'yes' }}"
-    validate: sshd -t -f %s
  notify:
    - validate ssh
    - restart ssh
@@ -63,7 +60,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^MaxAuthTries\s+'
    line: "MaxAuthTries {{ cis_ssh_max_auth_tries }}"
-    validate: sshd -t -f %s
  notify:
    - validate ssh
    - restart ssh
@@ -73,7 +69,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^LoginGraceTime\s+'
    line: "LoginGraceTime {{ cis_ssh_login_grace_time }}"
-    validate: sshd -t -f %s
  notify:
    - validate ssh
    - restart ssh
@@ -83,7 +78,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^ClientAliveInterval\s+'
    line: "ClientAliveInterval {{ cis_ssh_client_alive_interval }}"
-    validate: sshd -t -f %s
  notify:
    - validate ssh
    - restart ssh
@@ -93,7 +87,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^ClientAliveCountMax\s+'
    line: "ClientAliveCountMax {{ cis_ssh_client_alive_count_max }}"
-    validate: sshd -t -f %s
  notify:
    - validate ssh
    - restart ssh