875f635ab4
This patch gets rid of the old "special notes" section that was a dead-end in the documentation and replaces it with a brief header followed by a dynamically-generated list of tag-specific documentation. All of this sits underneath the "Hardening Domains" section. It also splits the "Deviations" documentation into its own section because it's quite important for a deployer to review. The patch also includes a link to video/slides from the Boston Summit, which provided the latest updates for the project and some background on how everything fits together. Change-Id: I1a5e78733c301335fe1bcfcee36cc146d690b841
816 B
816 B
sshd - SSH daemon
The SSH daemon, sshd, provides secure, encrypted access
to Linux servers.
Overview
The STIG has several requirements for ssh server configuration and
these requirements are applied by default by the role. To opt-out or
change these requirements, see the section under the
## ssh server (sshd) comment in
defaults/main.yml.
- Deviation for PermitRootLogin
-
There is one deviation from the STIG for the
PermitRootLoginconfiguration option. The STIG requires that direct root logins are disabled, and this is the recommended setting for secure production environments.However, this can cause problems in some existing environments and the default for the role is to set it to
yes(direct root logins allowed).