Add insensitive option to ansible_lineinfile macro #12314
Hi @yunimoo. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
This datastream diff is auto generated by the check
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy' differs.
--- xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy
+++ xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_openssh_conf_crypto_policy
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/crypto-policies/back-ends/openssh.config
create: true
- regexp: ^.*Ciphers\s+
+ regexp: (?i)^.*Ciphers\s+
state: absent
check_mode: true
changed_when: false
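Review bot: The `(?i)` prefix on `regexp` here, and on every other generated lineinfile task in this datastream diff (tmux.conf, login.defs, /etc/aliases and chrony.conf among them), suggests the new macro option defaults to on, although the PR title describes it as an option. Case-insensitive matching also widens what the `state: absent` tasks delete, so I would default the option to off and enable it per rule only where the target file's parser treats keywords case-insensitively.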
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/crypto-policies/back-ends/openssh.config
create: true
- regexp: ^.*Ciphers\s+
+ regexp: (?i)^.*Ciphers\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/crypto-policies/back-ends/openssh.config
create: true
- regexp: ^.*Ciphers\s+
+ regexp: (?i)^.*Ciphers\s+
line: Ciphers {{ sshd_approved_ciphers }}
state: present
tags:
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_harden_sshd_macs_openssh_conf_crypto_policy' differs.
--- xccdf_org.ssgproject.content_rule_harden_sshd_macs_openssh_conf_crypto_policy
+++ xccdf_org.ssgproject.content_rule_harden_sshd_macs_openssh_conf_crypto_policy
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/crypto-policies/back-ends/openssh.config
create: true
- regexp: ^.*MACs\s+
+ regexp: (?i)^.*MACs\s+
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/crypto-policies/back-ends/openssh.config
create: true
- regexp: ^.*MACs\s+
+ regexp: (?i)^.*MACs\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/crypto-policies/back-ends/openssh.config
create: true
- regexp: ^.*MACs\s+
+ regexp: (?i)^.*MACs\s+
line: MACs {{ sshd_approved_macs }}
state: present
tags:
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_local' differs.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_local
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_local
@@ -15,6 +15,7 @@
lineinfile:
path: /etc/security/pwquality.conf
create: true
+ regexp: ''
line: local_users_only
state: present
when: '"pam" in ansible_facts.packages'
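Review bot: The added `regexp: ''` is a behaviour change, not a no-op: this task had no `regexp` before, and an empty pattern matches every line, so with `state: present` lineinfile can replace an existing line of /etc/security/pwquality.conf with `local_users_only` instead of appending it. The macro should omit the `regexp` key entirely when the caller passes no pattern, rather than emitting an empty string. The same added line shows up in the accounts_password_pam_enforce_root remediation.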
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_root' differs.
--- xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_root
+++ xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_root
@@ -18,6 +18,7 @@
lineinfile:
path: /etc/security/pwquality.conf
create: true
+ regexp: ''
line: enforce_for_root
state: present
when: '"pam" in ansible_facts.packages'
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_configure_tmux_lock_after_time' differs.
--- xccdf_org.ssgproject.content_rule_configure_tmux_lock_after_time
+++ xccdf_org.ssgproject.content_rule_configure_tmux_lock_after_time
@@ -18,7 +18,7 @@
lineinfile:
path: /etc/tmux.conf
create: true
- regexp: ^\s*set -g lock-after-time\s+
+ regexp: (?i)^\s*set -g lock-after-time\s+
mode: '0644'
state: absent
check_mode: true
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/tmux.conf
create: true
- regexp: ^\s*set -g lock-after-time\s+
+ regexp: (?i)^\s*set -g lock-after-time\s+
mode: '0644'
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -38,7 +38,7 @@
lineinfile:
path: /etc/tmux.conf
create: true
- regexp: ^\s*set -g lock-after-time\s+
+ regexp: (?i)^\s*set -g lock-after-time\s+
mode: '0644'
line: set -g lock-after-time 900
state: present
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_configure_tmux_lock_command' differs.
--- xccdf_org.ssgproject.content_rule_configure_tmux_lock_command
+++ xccdf_org.ssgproject.content_rule_configure_tmux_lock_command
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/tmux.conf
create: true
- regexp: ^\s*set -g lock-command\s+
+ regexp: (?i)^\s*set -g lock-command\s+
mode: '0644'
state: absent
check_mode: true
@@ -32,7 +32,7 @@
lineinfile:
path: /etc/tmux.conf
create: true
- regexp: ^\s*set -g lock-command\s+
+ regexp: (?i)^\s*set -g lock-command\s+
mode: '0644'
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -41,7 +41,7 @@
lineinfile:
path: /etc/tmux.conf
create: true
- regexp: ^\s*set -g lock-command\s+
+ regexp: (?i)^\s*set -g lock-command\s+
mode: '0644'
line: set -g lock-command vlock
state: present
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding' differs.
--- xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding
+++ xccdf_org.ssgproject.content_rule_configure_tmux_lock_keybinding
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/tmux.conf
create: true
- regexp: \s*bind\s+\w\s+lock-session.*$
+ regexp: (?i)\s*bind\s+\w\s+lock-session.*$
mode: '0644'
state: absent
check_mode: true
@@ -38,7 +38,7 @@
lineinfile:
path: /etc/tmux.conf
create: true
- regexp: \s*bind\s+\w\s+lock-session.*$
+ regexp: (?i)\s*bind\s+\w\s+lock-session.*$
mode: '0644'
state: absent
when:
@@ -59,7 +59,7 @@
lineinfile:
path: /etc/tmux.conf
create: true
- regexp: \s*bind\s+\w\s+lock-session.*$
+ regexp: (?i)\s*bind\s+\w\s+lock-session.*$
mode: '0644'
line: bind X lock-session
state: present
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs' differs.
--- xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs
+++ xccdf_org.ssgproject.content_rule_accounts_have_homedir_login_defs
@@ -18,7 +18,7 @@
lineinfile:
path: /etc/login.defs
create: true
- regexp: ^\s*CREATE_HOME\s+
+ regexp: (?i)^\s*CREATE_HOME\s+
state: absent
check_mode: true
changed_when: false
@@ -28,7 +28,7 @@
lineinfile:
path: /etc/login.defs
create: true
- regexp: ^\s*CREATE_HOME\s+
+ regexp: (?i)^\s*CREATE_HOME\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -36,7 +36,7 @@
lineinfile:
path: /etc/login.defs
create: true
- regexp: ^\s*CREATE_HOME\s+
+ regexp: (?i)^\s*CREATE_HOME\s+
line: CREATE_HOME yes
state: present
when: '"shadow-utils" in ansible_facts.packages'
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdriverauthmode' differs.
--- xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdriverauthmode
+++ xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdriverauthmode
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/rsyslog.conf
create: false
- regexp: ^\s*{{ "$ActionSendStreamDriverAuthMode"| regex_escape }}\s
+ regexp: (?i)^\s*{{ "$ActionSendStreamDriverAuthMode"| regex_escape }}\s
state: absent
- name: Check if /etc/rsyslog.d exists
@@ -26,7 +26,7 @@
lineinfile:
path: '{{ item.path }}'
create: false
- regexp: ^\s*{{ "$ActionSendStreamDriverAuthMode"| regex_escape }}\s
+ regexp: (?i)^\s*{{ "$ActionSendStreamDriverAuthMode"| regex_escape }}\s
state: absent
with_items: '{{ _etc_rsyslog_d_has_parameter.files }}'
when: _etc_rsyslog_d_has_parameter.matched
@@ -35,7 +35,7 @@
lineinfile:
path: /etc/rsyslog.conf
create: true
- regexp: ^\s*{{ "$ActionSendStreamDriverAuthMode"| regex_escape }}\s
+ regexp: (?i)^\s*{{ "$ActionSendStreamDriverAuthMode"| regex_escape }}\s
line: $ActionSendStreamDriverAuthMode x509/name
state: present
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdrivermode' differs.
--- xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdrivermode
+++ xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_actionsendstreamdrivermode
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/rsyslog.conf
create: false
- regexp: '^\s*{{ "$ActionSendStreamDriverMode"| regex_escape }} '
+ regexp: '(?i)^\s*{{ "$ActionSendStreamDriverMode"| regex_escape }} '
state: absent
- name: Check if /etc/rsyslog.d exists
@@ -26,7 +26,7 @@
lineinfile:
path: '{{ item.path }}'
create: false
- regexp: '^\s*{{ "$ActionSendStreamDriverMode"| regex_escape }} '
+ regexp: '(?i)^\s*{{ "$ActionSendStreamDriverMode"| regex_escape }} '
state: absent
with_items: '{{ _etc_rsyslog_d_has_parameter.files }}'
when: _etc_rsyslog_d_has_parameter.matched
@@ -35,7 +35,7 @@
lineinfile:
path: /etc/rsyslog.conf
create: true
- regexp: '^\s*{{ "$ActionSendStreamDriverMode"| regex_escape }} '
+ regexp: '(?i)^\s*{{ "$ActionSendStreamDriverMode"| regex_escape }} '
line: $ActionSendStreamDriverMode 1
state: present
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_defaultnetstreamdriver' differs.
--- xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_defaultnetstreamdriver
+++ xccdf_org.ssgproject.content_rule_rsyslog_encrypt_offload_defaultnetstreamdriver
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/rsyslog.conf
create: false
- regexp: '^\s*{{ "$DefaultNetstreamDriver"| regex_escape }} '
+ regexp: '(?i)^\s*{{ "$DefaultNetstreamDriver"| regex_escape }} '
state: absent
- name: Check if /etc/rsyslog.d exists
@@ -26,7 +26,7 @@
lineinfile:
path: '{{ item.path }}'
create: false
- regexp: '^\s*{{ "$DefaultNetstreamDriver"| regex_escape }} '
+ regexp: '(?i)^\s*{{ "$DefaultNetstreamDriver"| regex_escape }} '
state: absent
with_items: '{{ _etc_rsyslog_d_has_parameter.files }}'
when: _etc_rsyslog_d_has_parameter.matched
@@ -35,7 +35,7 @@
lineinfile:
path: /etc/rsyslog.conf
create: true
- regexp: '^\s*{{ "$DefaultNetstreamDriver"| regex_escape }} '
+ regexp: '(?i)^\s*{{ "$DefaultNetstreamDriver"| regex_escape }} '
line: $DefaultNetstreamDriver gtls
state: present
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_firewalld-backend' differs.
--- xccdf_org.ssgproject.content_rule_firewalld-backend
+++ xccdf_org.ssgproject.content_rule_firewalld-backend
@@ -20,7 +20,7 @@
lineinfile:
path: /etc/firewalld/firewalld.conf
create: true
- regexp: ^\s*FirewallBackend=
+ regexp: (?i)^\s*FirewallBackend=
state: absent
check_mode: true
changed_when: false
@@ -30,7 +30,7 @@
lineinfile:
path: /etc/firewalld/firewalld.conf
create: true
- regexp: ^\s*FirewallBackend=
+ regexp: (?i)^\s*FirewallBackend=
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -38,7 +38,7 @@
lineinfile:
path: /etc/firewalld/firewalld.conf
create: true
- regexp: ^\s*FirewallBackend=
+ regexp: (?i)^\s*FirewallBackend=
line: FirewallBackend=nftables
state: present
insertbefore: ^# FirewallBackend
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_selinux_not_disabled' differs.
--- xccdf_org.ssgproject.content_rule_selinux_not_disabled
+++ xccdf_org.ssgproject.content_rule_selinux_not_disabled
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/selinux/config
create: true
- regexp: ^SELINUX=
+ regexp: (?i)^SELINUX=
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/selinux/config
create: true
- regexp: ^SELINUX=
+ regexp: (?i)^SELINUX=
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/selinux/config
create: true
- regexp: ^SELINUX=
+ regexp: (?i)^SELINUX=
line: SELINUX=permissive
state: present
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_selinux_policytype' differs.
--- xccdf_org.ssgproject.content_rule_selinux_policytype
+++ xccdf_org.ssgproject.content_rule_selinux_policytype
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/selinux/config
create: true
- regexp: ^SELINUXTYPE=
+ regexp: (?i)^SELINUXTYPE=
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/selinux/config
create: true
- regexp: ^SELINUXTYPE=
+ regexp: (?i)^SELINUXTYPE=
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/selinux/config
create: true
- regexp: ^SELINUXTYPE=
+ regexp: (?i)^SELINUXTYPE=
line: SELINUXTYPE={{ var_selinux_policy_name }}
state: present
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_selinux_state' differs.
--- xccdf_org.ssgproject.content_rule_selinux_state
+++ xccdf_org.ssgproject.content_rule_selinux_state
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/selinux/config
create: true
- regexp: ^SELINUX=
+ regexp: (?i)^SELINUX=
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/selinux/config
create: true
- regexp: ^SELINUX=
+ regexp: (?i)^SELINUX=
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/selinux/config
create: true
- regexp: ^SELINUX=
+ regexp: (?i)^SELINUX=
line: SELINUX={{ var_selinux_state }}
state: present
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_postfix_client_configure_mail_alias_postmaster' differs.
--- xccdf_org.ssgproject.content_rule_postfix_client_configure_mail_alias_postmaster
+++ xccdf_org.ssgproject.content_rule_postfix_client_configure_mail_alias_postmaster
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/aliases
create: true
- regexp: ^\s*postmaster\s*:\s*
+ regexp: (?i)^\s*postmaster\s*:\s*
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/aliases
create: true
- regexp: ^\s*postmaster\s*:\s*
+ regexp: (?i)^\s*postmaster\s*:\s*
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/aliases
create: true
- regexp: ^\s*postmaster\s*:\s*
+ regexp: (?i)^\s*postmaster\s*:\s*
line: 'postmaster: root'
state: present
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_postfix_network_listening_disabled' differs.
--- xccdf_org.ssgproject.content_rule_postfix_network_listening_disabled
+++ xccdf_org.ssgproject.content_rule_postfix_network_listening_disabled
@@ -27,7 +27,7 @@
lineinfile:
path: /etc/postfix/main.cf
create: false
- regexp: ^inet_interfaces\s*=\s.*
+ regexp: (?i)^inet_interfaces\s*=\s.*
line: inet_interfaces = {{ var_postfix_inet_interfaces }}
state: present
insertafter: ^inet_interfaces\s*=\s.*
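Review bot: `insertafter: ^inet_interfaces\s*=\s.*` at the end of this hunk still carries the old case-sensitive pattern while `regexp` above it gains `(?i)`. lineinfile only consults `insertafter` when `regexp` finds no match, so this does not change behaviour, but the two patterns were identical before this change and should be generated from one value so they cannot drift.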
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay' differs.
--- xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay
+++ xccdf_org.ssgproject.content_rule_postfix_prevent_unrestricted_relay
@@ -18,7 +18,7 @@
lineinfile:
path: /etc/postfix/main.cf
create: true
- regexp: ^[ \t]*smtpd_client_restrictions\s*=\s*
+ regexp: (?i)^[ \t]*smtpd_client_restrictions\s*=\s*
state: absent
check_mode: true
changed_when: false
@@ -28,7 +28,7 @@
lineinfile:
path: /etc/postfix/main.cf
create: true
- regexp: ^[ \t]*smtpd_client_restrictions\s*=\s*
+ regexp: (?i)^[ \t]*smtpd_client_restrictions\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -36,7 +36,7 @@
lineinfile:
path: /etc/postfix/main.cf
create: true
- regexp: ^[ \t]*smtpd_client_restrictions\s*=\s*
+ regexp: (?i)^[ \t]*smtpd_client_restrictions\s*=\s*
line: smtpd_client_restrictions = permit_mynetworks,reject
state: present
when:
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_chronyd_client_only' differs.
--- xccdf_org.ssgproject.content_rule_chronyd_client_only
+++ xccdf_org.ssgproject.content_rule_chronyd_client_only
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/chrony.conf
create: true
- regexp: ^\s*port\s+
+ regexp: (?i)^\s*port\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/chrony.conf
create: true
- regexp: ^\s*port\s+
+ regexp: (?i)^\s*port\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/chrony.conf
create: true
- regexp: ^\s*port\s+
+ regexp: (?i)^\s*port\s+
line: port 0
state: present
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_chronyd_no_chronyc_network' differs.
--- xccdf_org.ssgproject.content_rule_chronyd_no_chronyc_network
+++ xccdf_org.ssgproject.content_rule_chronyd_no_chronyc_network
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/chrony.conf
create: true
- regexp: ^\s*cmdport\s+
+ regexp: (?i)^\s*cmdport\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/chrony.conf
create: true
- regexp: ^\s*cmdport\s+
+ regexp: (?i)^\s*cmdport\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/chrony.conf
create: true
- regexp: ^\s*cmdport\s+
+ regexp: (?i)^\s*cmdport\s+
line: cmdport 0
state: present
when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0
+++ xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*ClientAliveCountMax\s+
+ regexp: (?i)(?i)^\s*ClientAliveCountMax\s+
state: absent
check_mode: true
changed_when: false
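Review bot: `(?i)(?i)` in the `+` line shows the macro prepending the flag to a pattern that already carried it; the `-` line already began with `(?i)` before this change. Drop the hard-coded `(?i)` from the sshd caller now that the macro adds it, or have the macro skip the prefix when the pattern already starts with it. The same doubling repeats in every sshd_config remediation that follows in this diff.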
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*ClientAliveCountMax\s+
+ regexp: (?i)(?i)^\s*ClientAliveCountMax\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*ClientAliveCountMax\s+
+ regexp: (?i)(?i)^\s*ClientAliveCountMax\s+
line: ClientAliveCountMax 0
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_keepalive' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_keepalive
+++ xccdf_org.ssgproject.content_rule_sshd_set_keepalive
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*ClientAliveCountMax\s+
+ regexp: (?i)(?i)^\s*ClientAliveCountMax\s+
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*ClientAliveCountMax\s+
+ regexp: (?i)(?i)^\s*ClientAliveCountMax\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*ClientAliveCountMax\s+
+ regexp: (?i)(?i)^\s*ClientAliveCountMax\s+
line: ClientAliveCountMax {{ var_sshd_set_keepalive }}
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout
+++ xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*ClientAliveInterval\s+
+ regexp: (?i)(?i)^\s*ClientAliveInterval\s+
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*ClientAliveInterval\s+
+ regexp: (?i)(?i)^\s*ClientAliveInterval\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*ClientAliveInterval\s+
+ regexp: (?i)(?i)^\s*ClientAliveInterval\s+
line: ClientAliveInterval {{ sshd_idle_timeout_value }}
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_disable_host_auth' differs.
--- xccdf_org.ssgproject.content_rule_disable_host_auth
+++ xccdf_org.ssgproject.content_rule_disable_host_auth
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*HostbasedAuthentication\s+
+ regexp: (?i)(?i)^\s*HostbasedAuthentication\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*HostbasedAuthentication\s+
+ regexp: (?i)(?i)^\s*HostbasedAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*HostbasedAuthentication\s+
+ regexp: (?i)(?i)^\s*HostbasedAuthentication\s+
line: HostbasedAuthentication no
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_allow_only_protocol2' differs.
--- xccdf_org.ssgproject.content_rule_sshd_allow_only_protocol2
+++ xccdf_org.ssgproject.content_rule_sshd_allow_only_protocol2
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Protocol\s+
+ regexp: (?i)(?i)^\s*Protocol\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Protocol\s+
+ regexp: (?i)(?i)^\s*Protocol\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Protocol\s+
+ regexp: (?i)(?i)^\s*Protocol\s+
line: Protocol 2
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_compression' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_compression
+++ xccdf_org.ssgproject.content_rule_sshd_disable_compression
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Compression\s+
+ regexp: (?i)(?i)^\s*Compression\s+
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Compression\s+
+ regexp: (?i)(?i)^\s*Compression\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Compression\s+
+ regexp: (?i)(?i)^\s*Compression\s+
line: Compression {{ var_sshd_disable_compression }}
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
+++ xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PermitEmptyPasswords\s+
+ regexp: (?i)(?i)^\s*PermitEmptyPasswords\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PermitEmptyPasswords\s+
+ regexp: (?i)(?i)^\s*PermitEmptyPasswords\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PermitEmptyPasswords\s+
+ regexp: (?i)(?i)^\s*PermitEmptyPasswords\s+
line: PermitEmptyPasswords no
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth
+++ xccdf_org.ssgproject.content_rule_sshd_disable_gssapi_auth
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*GSSAPIAuthentication\s+
+ regexp: (?i)(?i)^\s*GSSAPIAuthentication\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*GSSAPIAuthentication\s+
+ regexp: (?i)(?i)^\s*GSSAPIAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*GSSAPIAuthentication\s+
+ regexp: (?i)(?i)^\s*GSSAPIAuthentication\s+
line: GSSAPIAuthentication no
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth
+++ xccdf_org.ssgproject.content_rule_sshd_disable_kerb_auth
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*KerberosAuthentication\s+
+ regexp: (?i)(?i)^\s*KerberosAuthentication\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*KerberosAuthentication\s+
+ regexp: (?i)(?i)^\s*KerberosAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*KerberosAuthentication\s+
+ regexp: (?i)(?i)^\s*KerberosAuthentication\s+
line: KerberosAuthentication no
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_pubkey_auth' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_pubkey_auth
+++ xccdf_org.ssgproject.content_rule_sshd_disable_pubkey_auth
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PubkeyAuthentication\s+
+ regexp: (?i)(?i)^\s*PubkeyAuthentication\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PubkeyAuthentication\s+
+ regexp: (?i)(?i)^\s*PubkeyAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PubkeyAuthentication\s+
+ regexp: (?i)(?i)^\s*PubkeyAuthentication\s+
line: PubkeyAuthentication no
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_rhosts' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_rhosts
+++ xccdf_org.ssgproject.content_rule_sshd_disable_rhosts
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*IgnoreRhosts\s+
+ regexp: (?i)(?i)^\s*IgnoreRhosts\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*IgnoreRhosts\s+
+ regexp: (?i)(?i)^\s*IgnoreRhosts\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*IgnoreRhosts\s+
+ regexp: (?i)(?i)^\s*IgnoreRhosts\s+
line: IgnoreRhosts yes
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa
+++ xccdf_org.ssgproject.content_rule_sshd_disable_rhosts_rsa
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*RhostsRSAAuthentication\s+
+ regexp: (?i)(?i)^\s*RhostsRSAAuthentication\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*RhostsRSAAuthentication\s+
+ regexp: (?i)(?i)^\s*RhostsRSAAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*RhostsRSAAuthentication\s+
+ regexp: (?i)(?i)^\s*RhostsRSAAuthentication\s+
line: RhostsRSAAuthentication no
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_root_login' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_root_login
+++ xccdf_org.ssgproject.content_rule_sshd_disable_root_login
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PermitRootLogin\s+
+ regexp: (?i)(?i)^\s*PermitRootLogin\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PermitRootLogin\s+
+ regexp: (?i)(?i)^\s*PermitRootLogin\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PermitRootLogin\s+
+ regexp: (?i)(?i)^\s*PermitRootLogin\s+
line: PermitRootLogin no
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_root_password_login' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_root_password_login
+++ xccdf_org.ssgproject.content_rule_sshd_disable_root_password_login
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PermitRootLogin\s+
+ regexp: (?i)(?i)^\s*PermitRootLogin\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PermitRootLogin\s+
+ regexp: (?i)(?i)^\s*PermitRootLogin\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PermitRootLogin\s+
+ regexp: (?i)(?i)^\s*PermitRootLogin\s+
line: PermitRootLogin prohibit-password
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding
+++ xccdf_org.ssgproject.content_rule_sshd_disable_tcp_forwarding
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*AllowTcpForwarding\s+
+ regexp: (?i)(?i)^\s*AllowTcpForwarding\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*AllowTcpForwarding\s+
+ regexp: (?i)(?i)^\s*AllowTcpForwarding\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*AllowTcpForwarding\s+
+ regexp: (?i)(?i)^\s*AllowTcpForwarding\s+
line: AllowTcpForwarding no
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts
+++ xccdf_org.ssgproject.content_rule_sshd_disable_user_known_hosts
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*IgnoreUserKnownHosts\s+
+ regexp: (?i)(?i)^\s*IgnoreUserKnownHosts\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*IgnoreUserKnownHosts\s+
+ regexp: (?i)(?i)^\s*IgnoreUserKnownHosts\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*IgnoreUserKnownHosts\s+
+ regexp: (?i)(?i)^\s*IgnoreUserKnownHosts\s+
line: IgnoreUserKnownHosts yes
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding' differs.
--- xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding
+++ xccdf_org.ssgproject.content_rule_sshd_disable_x11_forwarding
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*X11Forwarding\s+
+ regexp: (?i)(?i)^\s*X11Forwarding\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*X11Forwarding\s+
+ regexp: (?i)(?i)^\s*X11Forwarding\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*X11Forwarding\s+
+ regexp: (?i)(?i)^\s*X11Forwarding\s+
line: X11Forwarding no
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_do_not_permit_user_env' differs.
--- xccdf_org.ssgproject.content_rule_sshd_do_not_permit_user_env
+++ xccdf_org.ssgproject.content_rule_sshd_do_not_permit_user_env
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PermitUserEnvironment\s+
+ regexp: (?i)(?i)^\s*PermitUserEnvironment\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PermitUserEnvironment\s+
+ regexp: (?i)(?i)^\s*PermitUserEnvironment\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PermitUserEnvironment\s+
+ regexp: (?i)(?i)^\s*PermitUserEnvironment\s+
line: PermitUserEnvironment no
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_gssapi_auth' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_gssapi_auth
+++ xccdf_org.ssgproject.content_rule_sshd_enable_gssapi_auth
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*GSSAPIAuthentication\s+
+ regexp: (?i)(?i)^\s*GSSAPIAuthentication\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*GSSAPIAuthentication\s+
+ regexp: (?i)(?i)^\s*GSSAPIAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*GSSAPIAuthentication\s+
+ regexp: (?i)(?i)^\s*GSSAPIAuthentication\s+
line: GSSAPIAuthentication yes
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_pam' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_pam
+++ xccdf_org.ssgproject.content_rule_sshd_enable_pam
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*UsePAM\s+
+ regexp: (?i)(?i)^\s*UsePAM\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*UsePAM\s+
+ regexp: (?i)(?i)^\s*UsePAM\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*UsePAM\s+
+ regexp: (?i)(?i)^\s*UsePAM\s+
line: UsePAM yes
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_pubkey_auth' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_pubkey_auth
+++ xccdf_org.ssgproject.content_rule_sshd_enable_pubkey_auth
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PubkeyAuthentication\s+
+ regexp: (?i)(?i)^\s*PubkeyAuthentication\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PubkeyAuthentication\s+
+ regexp: (?i)(?i)^\s*PubkeyAuthentication\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PubkeyAuthentication\s+
+ regexp: (?i)(?i)^\s*PubkeyAuthentication\s+
line: PubkeyAuthentication yes
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_strictmodes' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_strictmodes
+++ xccdf_org.ssgproject.content_rule_sshd_enable_strictmodes
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*StrictModes\s+
+ regexp: (?i)(?i)^\s*StrictModes\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*StrictModes\s+
+ regexp: (?i)(?i)^\s*StrictModes\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*StrictModes\s+
+ regexp: (?i)(?i)^\s*StrictModes\s+
line: StrictModes yes
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner
+++ xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Banner\s+
+ regexp: (?i)(?i)^\s*Banner\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Banner\s+
+ regexp: (?i)(?i)^\s*Banner\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Banner\s+
+ regexp: (?i)(?i)^\s*Banner\s+
line: Banner /etc/issue
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner_net' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner_net
+++ xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner_net
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Banner\s+
+ regexp: (?i)(?i)^\s*Banner\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Banner\s+
+ regexp: (?i)(?i)^\s*Banner\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Banner\s+
+ regexp: (?i)(?i)^\s*Banner\s+
line: Banner /etc/issue.net
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_enable_x11_forwarding' differs.
--- xccdf_org.ssgproject.content_rule_sshd_enable_x11_forwarding
+++ xccdf_org.ssgproject.content_rule_sshd_enable_x11_forwarding
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*X11Forwarding\s+
+ regexp: (?i)(?i)^\s*X11Forwarding\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*X11Forwarding\s+
+ regexp: (?i)(?i)^\s*X11Forwarding\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*X11Forwarding\s+
+ regexp: (?i)(?i)^\s*X11Forwarding\s+
line: X11Forwarding yes
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_print_last_log' differs.
--- xccdf_org.ssgproject.content_rule_sshd_print_last_log
+++ xccdf_org.ssgproject.content_rule_sshd_print_last_log
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PrintLastLog\s+
+ regexp: (?i)(?i)^\s*PrintLastLog\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PrintLastLog\s+
+ regexp: (?i)(?i)^\s*PrintLastLog\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*PrintLastLog\s+
+ regexp: (?i)(?i)^\s*PrintLastLog\s+
line: PrintLastLog yes
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_rekey_limit' differs.
--- xccdf_org.ssgproject.content_rule_sshd_rekey_limit
+++ xccdf_org.ssgproject.content_rule_sshd_rekey_limit
@@ -16,7 +16,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*RekeyLimit\s+
+ regexp: (?i)(?i)^\s*RekeyLimit\s+
state: absent
check_mode: true
changed_when: false
@@ -26,7 +26,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*RekeyLimit\s+
+ regexp: (?i)(?i)^\s*RekeyLimit\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -34,7 +34,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*RekeyLimit\s+
+ regexp: (?i)(?i)^\s*RekeyLimit\s+
line: RekeyLimit {{ var_rekey_limit_size }} {{ var_rekey_limit_time }}
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time
+++ xccdf_org.ssgproject.content_rule_sshd_set_login_grace_time
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*LoginGraceTime\s+
+ regexp: (?i)(?i)^\s*LoginGraceTime\s+
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*LoginGraceTime\s+
+ regexp: (?i)(?i)^\s*LoginGraceTime\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*LoginGraceTime\s+
+ regexp: (?i)(?i)^\s*LoginGraceTime\s+
line: LoginGraceTime {{ var_sshd_set_login_grace_time }}
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_loglevel_info' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_loglevel_info
+++ xccdf_org.ssgproject.content_rule_sshd_set_loglevel_info
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*LogLevel\s+
+ regexp: (?i)(?i)^\s*LogLevel\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*LogLevel\s+
+ regexp: (?i)(?i)^\s*LogLevel\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*LogLevel\s+
+ regexp: (?i)(?i)^\s*LogLevel\s+
line: LogLevel INFO
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose
+++ xccdf_org.ssgproject.content_rule_sshd_set_loglevel_verbose
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*LogLevel\s+
+ regexp: (?i)(?i)^\s*LogLevel\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*LogLevel\s+
+ regexp: (?i)(?i)^\s*LogLevel\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*LogLevel\s+
+ regexp: (?i)(?i)^\s*LogLevel\s+
line: LogLevel VERBOSE
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries
+++ xccdf_org.ssgproject.content_rule_sshd_set_max_auth_tries
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*MaxAuthTries\s+
+ regexp: (?i)(?i)^\s*MaxAuthTries\s+
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*MaxAuthTries\s+
+ regexp: (?i)(?i)^\s*MaxAuthTries\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*MaxAuthTries\s+
+ regexp: (?i)(?i)^\s*MaxAuthTries\s+
line: MaxAuthTries {{ sshd_max_auth_tries_value }}
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_max_sessions' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_max_sessions
+++ xccdf_org.ssgproject.content_rule_sshd_set_max_sessions
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*MaxSessions\s+
+ regexp: (?i)(?i)^\s*MaxSessions\s+
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*MaxSessions\s+
+ regexp: (?i)(?i)^\s*MaxSessions\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*MaxSessions\s+
+ regexp: (?i)(?i)^\s*MaxSessions\s+
line: MaxSessions {{ var_sshd_max_sessions }}
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_set_maxstartups' differs.
--- xccdf_org.ssgproject.content_rule_sshd_set_maxstartups
+++ xccdf_org.ssgproject.content_rule_sshd_set_maxstartups
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*MaxStartups\s+
+ regexp: (?i)(?i)^\s*MaxStartups\s+
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*MaxStartups\s+
+ regexp: (?i)(?i)^\s*MaxStartups\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*MaxStartups\s+
+ regexp: (?i)(?i)^\s*MaxStartups\s+
line: MaxStartups {{ var_sshd_set_maxstartups }}
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers' differs.
--- xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers
+++ xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Ciphers\s+
+ regexp: (?i)(?i)^\s*Ciphers\s+
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Ciphers\s+
+ regexp: (?i)(?i)^\s*Ciphers\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*Ciphers\s+
+ regexp: (?i)(?i)^\s*Ciphers\s+
line: Ciphers {{ sshd_approved_ciphers }}
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_use_priv_separation' differs.
--- xccdf_org.ssgproject.content_rule_sshd_use_priv_separation
+++ xccdf_org.ssgproject.content_rule_sshd_use_priv_separation
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*UsePrivilegeSeparation\s+
+ regexp: (?i)(?i)^\s*UsePrivilegeSeparation\s+
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*UsePrivilegeSeparation\s+
+ regexp: (?i)(?i)^\s*UsePrivilegeSeparation\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*UsePrivilegeSeparation\s+
+ regexp: (?i)(?i)^\s*UsePrivilegeSeparation\s+
line: UsePrivilegeSeparation {{ var_sshd_priv_separation }}
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_use_strong_kex' differs.
--- xccdf_org.ssgproject.content_rule_sshd_use_strong_kex
+++ xccdf_org.ssgproject.content_rule_sshd_use_strong_kex
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*KexAlgorithms\s+
+ regexp: (?i)(?i)^\s*KexAlgorithms\s+
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*KexAlgorithms\s+
+ regexp: (?i)(?i)^\s*KexAlgorithms\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*KexAlgorithms\s+
+ regexp: (?i)(?i)^\s*KexAlgorithms\s+
line: KexAlgorithms {{ sshd_strong_kex }}
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_use_strong_macs' differs.
--- xccdf_org.ssgproject.content_rule_sshd_use_strong_macs
+++ xccdf_org.ssgproject.content_rule_sshd_use_strong_macs
@@ -11,7 +11,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*MACs\s+
+ regexp: (?i)(?i)^\s*MACs\s+
state: absent
check_mode: true
changed_when: false
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*MACs\s+
+ regexp: (?i)(?i)^\s*MACs\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*MACs\s+
+ regexp: (?i)(?i)^\s*MACs\s+
line: MACs {{ sshd_strong_macs }}
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_use_strong_rng' differs.
--- xccdf_org.ssgproject.content_rule_sshd_use_strong_rng
+++ xccdf_org.ssgproject.content_rule_sshd_use_strong_rng
@@ -6,7 +6,7 @@
lineinfile:
path: /etc/sysconfig/sshd
create: true
- regexp: ^\s*SSH_USE_STRONG_RNG=
+ regexp: (?i)^\s*SSH_USE_STRONG_RNG=
state: absent
check_mode: true
changed_when: false
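Review bot: this regexp was case-sensitive before (^\s*SSH_USE_STRONG_RNG=) and gains (?i) here, although the PR description says the insensitive option defaults to false. /etc/sysconfig/sshd holds environment variable assignments, whose names are case-sensitive, so this state: absent match would also count differently cased names as the same setting. Check that the caller for this rule does not enable the option and that the default is really applied, so the generated pattern stays as it was.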
@@ -16,7 +16,7 @@
lineinfile:
path: /etc/sysconfig/sshd
create: true
- regexp: ^\s*SSH_USE_STRONG_RNG=
+ regexp: (?i)^\s*SSH_USE_STRONG_RNG=
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -24,7 +24,7 @@
lineinfile:
path: /etc/sysconfig/sshd
create: true
- regexp: ^\s*SSH_USE_STRONG_RNG=
+ regexp: (?i)^\s*SSH_USE_STRONG_RNG=
line: SSH_USE_STRONG_RNG=32
state: present
insertbefore: ^# SSH_USE_STRONG_RNG
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_sshd_x11_use_localhost' differs.
--- xccdf_org.ssgproject.content_rule_sshd_x11_use_localhost
+++ xccdf_org.ssgproject.content_rule_sshd_x11_use_localhost
@@ -5,7 +5,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*X11UseLocalhost\s+
+ regexp: (?i)(?i)^\s*X11UseLocalhost\s+
state: absent
check_mode: true
changed_when: false
@@ -15,7 +15,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*X11UseLocalhost\s+
+ regexp: (?i)(?i)^\s*X11UseLocalhost\s+
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -23,7 +23,7 @@
lineinfile:
path: /etc/ssh/sshd_config
create: true
- regexp: (?i)^\s*X11UseLocalhost\s+
+ regexp: (?i)(?i)^\s*X11UseLocalhost\s+
line: X11UseLocalhost yes
state: present
insertbefore: BOF
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend' differs.
--- xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend
+++ xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend
@@ -21,7 +21,7 @@
lineinfile:
path: /etc/usbguard/usbguard-daemon.conf
create: true
- regexp: ^\s*AuditBackend=
+ regexp: (?i)^\s*AuditBackend=
state: absent
check_mode: true
changed_when: false
@@ -31,7 +31,7 @@
lineinfile:
path: /etc/usbguard/usbguard-daemon.conf
create: true
- regexp: ^\s*AuditBackend=
+ regexp: (?i)^\s*AuditBackend=
state: absent
when: dupes.found is defined and dupes.found > 1
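Review bot: with (?i) on the regexp of this state: absent task, the duplicate cleanup gated by dupes.found > 1 now deletes every case variant of AuditBackend=, where the old pattern removed only the exact spelling. Nothing in the diff shows that usbguard-daemon.conf keys are read case-insensitively. If they are not, keep the old pattern for this rule by leaving the insensitive option off.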
@@ -39,7 +39,7 @@
lineinfile:
path: /etc/usbguard/usbguard-daemon.conf
create: true
- regexp: ^\s*AuditBackend=
+ regexp: (?i)^\s*AuditBackend=
line: AuditBackend=LinuxAudit
state: present
when:
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_usbguard_allow_hid' differs.
--- xccdf_org.ssgproject.content_rule_usbguard_allow_hid
+++ xccdf_org.ssgproject.content_rule_usbguard_allow_hid
@@ -2,6 +2,7 @@
lineinfile:
path: /etc/usbguard/rules.conf
create: true
+ regexp: ''
line: allow with-interface match-all { 03:*:* }
state: present
when: ( ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman",
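Review bot: the added line regexp: '' hands lineinfile an empty pattern, which matches every line in /etc/usbguard/rules.conf. With state: present the module then replaces the last matching line with the allow rule instead of appending it, and Ansible warns about the empty expression. The task had no regexp before, so the macro should omit the key entirely when no pattern is passed rather than emit an empty string. The usbguard_allow_hid_and_hub and usbguard_allow_hub hunks below have the same added line.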
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_usbguard_allow_hid_and_hub' differs.
--- xccdf_org.ssgproject.content_rule_usbguard_allow_hid_and_hub
+++ xccdf_org.ssgproject.content_rule_usbguard_allow_hid_and_hub
@@ -2,6 +2,7 @@
lineinfile:
path: /etc/usbguard/rules.conf
create: true
+ regexp: ''
line: allow with-interface match-all { 03:*:* 09:00:* }
state: present
when: ( ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman",
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_usbguard_allow_hub' differs.
--- xccdf_org.ssgproject.content_rule_usbguard_allow_hub
+++ xccdf_org.ssgproject.content_rule_usbguard_allow_hub
@@ -2,6 +2,7 @@
lineinfile:
path: /etc/usbguard/rules.conf
create: true
+ regexp: ''
line: allow with-interface match-all { 09:00:* }
state: present
when: ( ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman",
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_auditd_freq' differs.
--- xccdf_org.ssgproject.content_rule_auditd_freq
+++ xccdf_org.ssgproject.content_rule_auditd_freq
@@ -18,7 +18,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*freq\s*=\s*
+ regexp: (?i)(?i)^\s*freq\s*=\s*
state: absent
check_mode: true
changed_when: false
@@ -28,7 +28,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*freq\s*=\s*
+ regexp: (?i)(?i)^\s*freq\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -36,7 +36,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*freq\s*=\s*
+ regexp: (?i)(?i)^\s*freq\s*=\s*
line: freq = 50
state: present
when:
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_auditd_local_events' differs.
--- xccdf_org.ssgproject.content_rule_auditd_local_events
+++ xccdf_org.ssgproject.content_rule_auditd_local_events
@@ -19,7 +19,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*local_events\s*=\s*
+ regexp: (?i)(?i)^\s*local_events\s*=\s*
state: absent
check_mode: true
changed_when: false
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*local_events\s*=\s*
+ regexp: (?i)(?i)^\s*local_events\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -37,7 +37,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*local_events\s*=\s*
+ regexp: (?i)(?i)^\s*local_events\s*=\s*
line: local_events = yes
state: present
when:
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_auditd_log_format' differs.
--- xccdf_org.ssgproject.content_rule_auditd_log_format
+++ xccdf_org.ssgproject.content_rule_auditd_log_format
@@ -20,7 +20,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*log_format\s*=\s*
+ regexp: (?i)(?i)^\s*log_format\s*=\s*
state: absent
check_mode: true
changed_when: false
@@ -30,7 +30,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*log_format\s*=\s*
+ regexp: (?i)(?i)^\s*log_format\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -38,7 +38,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*log_format\s*=\s*
+ regexp: (?i)(?i)^\s*log_format\s*=\s*
line: log_format = ENRICHED
state: present
when:
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_auditd_name_format' differs.
--- xccdf_org.ssgproject.content_rule_auditd_name_format
+++ xccdf_org.ssgproject.content_rule_auditd_name_format
@@ -46,7 +46,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*name_format\s*=\s*
+ regexp: (?i)(?i)^\s*name_format\s*=\s*
state: absent
check_mode: true
changed_when: false
@@ -56,7 +56,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*name_format\s*=\s*
+ regexp: (?i)(?i)^\s*name_format\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -64,7 +64,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*name_format\s*=\s*
+ regexp: (?i)(?i)^\s*name_format\s*=\s*
line: name_format = {{ auditd_name_format_split }}
state: present
when:
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_auditd_overflow_action' differs.
--- xccdf_org.ssgproject.content_rule_auditd_overflow_action
+++ xccdf_org.ssgproject.content_rule_auditd_overflow_action
@@ -19,7 +19,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*overflow_action\s*=\s*
+ regexp: (?i)(?i)^\s*overflow_action\s*=\s*
state: absent
check_mode: true
changed_when: false
@@ -29,7 +29,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*overflow_action\s*=\s*
+ regexp: (?i)(?i)^\s*overflow_action\s*=\s*
state: absent
when: dupes.found is defined and dupes.found > 1
@@ -37,7 +37,7 @@
lineinfile:
path: /etc/audit/auditd.conf
create: true
- regexp: (?i)^\s*overflow_action\s*=\s*
+ regexp: (?i)(?i)^\s*overflow_action\s*=\s*
line: overflow_action = syslog
state: present
when:
ansible remediation for rule 'xccdf_org.ssgproject.content_rule_auditd_write_logs' differs.
--- xccdf_org.ssgproject.content_rule_auditd_write_logs
+++ xccdf_org.ssg
... The diff is trimmed here ... |
🤖 A k8s content image for this PR is available at: Click here to see how to deploy it
If you already have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
I have built the content and I have also tried to use the new option in the ssh_client_rekey_limit rule and I also have executed Ansible test scenarios for this rule.
Code Climate has analyzed commit 9ee077e and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.4% (0.0% change). View more on Code Climate. |
Description:
insensitive option to ansible_lineinfile, ansible_only_lineinfile and ansible_set_config_file_dir macros
(?i) for case insensitivity on regex if insensitive option is enabled
insensitive option is default to false
Rationale:
set_config_file macro, which would be helpful to have for Ansible
Review Hints:
Build the product and test