From f23aace2ee0160e781c65870837cb7c13a3c2f2a Mon Sep 17 00:00:00 2001
From: Major Hayden
Date: Mon, 14 Nov 2016 15:42:01 -0600
Subject: [PATCH] Handle sshd_config without Match properly

This patch avoids a playbook failure when a system doesn't have any `Match` lines in its `sshd_config`.

Change-Id: Ibb87e3f52904546379fe7449b5e6f42d6f23a26f
---
 tasks/rhel7stig/sshd.yml | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/tasks/rhel7stig/sshd.yml b/tasks/rhel7stig/sshd.yml
index c5da8a55..6ad44d69 100644
--- a/tasks/rhel7stig/sshd.yml
+++ b/tasks/rhel7stig/sshd.yml
@@ -20,7 +20,7 @@
 # of a marker line here and add a marker line to the file if it doesn't exist.
 - name: Find first 'Match' line in sshd_config (if it exists)
- command: grep '^Match' /etc/ssh/sshd_config
+ shell: "grep '^Match' /etc/ssh/sshd_config || echo 'EOF'"
 register: sshd_match_check
 changed_when: False
 check_mode: no
@@ -28,14 +28,6 @@
 - always
 - sshd
-- name: Determine where we should insert new sshd configuration lines
- set_fact:
- sshd_match_line: "{{ (sshd_match_check.rc == 0) | ternary('^' + sshd_match_check.stdout_lines[0] + '.*$', 'EOF') }}"
- check_mode: no
- tags:
- - always
- - sshd
-
 - name: RHEL-07-040170 - Copy login warning banner
 copy:
 src: login_banner.txt
@@ -52,7 +44,7 @@
 dest: /etc/ssh/sshd_config
 state: present
 marker: "# {mark} MANAGED BY OPENSTACK-ANSIBLE-SECURITY"
- insertbefore: "{{ sshd_match_line }}"
+ insertbefore: "{{ sshd_match_check.stdout_lines[0] }}"
 validate: '/usr/sbin/sshd -T -f %s'
 block: "{{ lookup('template', 'sshd_config_block.j2') }}"
 notify:
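Review bot: The `|| echo 'EOF'` fallback on the new `shell:` line in the `@@ -20,7 +20,7 @@` hunk hides every non-zero grep exit, so an unreadable or missing `/etc/ssh/sshd_config` (grep exit 2) is indistinguishable from "no Match lines" (exit 1). Keeping `command: grep '^Match' /etc/ssh/sshd_config` with `failed_when: sshd_match_check.rc > 1` would accept only the no-match case and still fail on a real error, without needing the shell module. The fallback can then live in the consumer as `sshd_match_check.stdout_lines | first | default('EOF')`. The task's `tags:` continue outside this hunk.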
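Review bot: In the `@@ -52,7 +44,7 @@` hunk the new `insertbefore` value passes the raw first `Match` line to blockinfile, which treats it as a regular expression; the `'^' + ... + '.*$'` anchoring from the removed `set_fact` is gone and nothing is escaped. A Match line containing metacharacters such as `*`, `?` or `[` (common in `Match Address` or `Match User` patterns) may not match itself, and an unanchored pattern can also hit a commented-out or later line. As far as I know blockinfile then falls back to appending at end of file, where the hardening directives would be scoped to the last Match block instead of applying globally. Suggest `insertbefore: "{{ (sshd_match_check.stdout_lines[0] == 'EOF') | ternary('EOF', '^' ~ (sshd_match_check.stdout_lines[0] | regex_escape) ~ '$') }}"`. The enclosing blockinfile task starts and ends outside the hunk.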