Improve infra-run portfolio credibility

2026-05-08 21:18:22 +00:00
parent deb12a0b4f
commit ca5a876d03
87 changed files with 462 additions and 531 deletions
@@ -22,7 +22,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^PermitRootLogin\s+'
    line: "PermitRootLogin {{ 'no' if cis_disable_root_login | bool else 'prohibit-password' }}"
-    validate: sshd -t -f %s
  notify:
    - validate sshd
    - reload sshd
@@ -32,7 +31,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^PermitEmptyPasswords\s+'
    line: "PermitEmptyPasswords no"
-    validate: sshd -t -f %s
  notify:
    - validate sshd
    - reload sshd
@@ -42,7 +40,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^PasswordAuthentication\s+'
    line: "PasswordAuthentication {{ 'no' if cis_disable_password_auth | bool else 'yes' }}"
-    validate: sshd -t -f %s
  notify:
    - validate sshd
    - reload sshd
@@ -52,7 +49,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^MaxAuthTries\s+'
    line: "MaxAuthTries {{ cis_ssh_max_auth_tries }}"
-    validate: sshd -t -f %s
  notify:
    - validate sshd
    - reload sshd
@@ -62,7 +58,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^LoginGraceTime\s+'
    line: "LoginGraceTime {{ cis_ssh_login_grace_time }}"
-    validate: sshd -t -f %s
  notify:
    - validate sshd
    - reload sshd
@@ -72,7 +67,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^ClientAliveInterval\s+'
    line: "ClientAliveInterval {{ cis_ssh_client_alive_interval }}"
-    validate: sshd -t -f %s
  notify:
    - validate sshd
    - reload sshd
@@ -82,7 +76,6 @@
    path: "{{ cis_ssh_dropin_path }}"
    regexp: '^ClientAliveCountMax\s+'
    line: "ClientAliveCountMax {{ cis_ssh_client_alive_count_max }}"
-    validate: sshd -t -f %s
  notify:
    - validate sshd
    - reload sshd