Using more than one rule in a Group or User Match block?
paulbrowne opened this issue · 2 comments
paulbrowne commented
Describe the bug
This may not be a bug per se, I'm just slightly confused about how to specify more than 1 rule in a MatchGroup block using the ssh_server_match_group role variable, as specifying this as a list fails with e.g.
```
fatal: [10.0.10.19]: FAILED! => {"changed": false, "msg": "AttributeError: 'list' object has no attribute 'splitlines'"}
```
Expected behavior
ssh_server_match_group rules accepts a list of rules to apply in the MatchGroup block
**Example Playbook**
```yaml
---
- hosts: Bastion
  gather_facts: true
  become: true
  roles:
    - role: ssh-hardening
      ssh_allow_groups: 'centos'
      ssh_use_pam: true
      sftp_enabled: true
      sftp_chroot: true
      ssh_server_match_group:
        - group: '{{ rsyslog_rundeck_group }}'
          rules:
            - 'AllowTcpForwarding yes'
            - 'PermitTTY no'
```
OS / Environment
CentOS7.6 inventory targets
**Ansible Version**
```
ansible 2.7.8
  config file = /home/pfb29/.ansible.cfg
  configured module search path = [u'/home/pfb29/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /home/pfb29/.virtualenvs/openstackclient/lib/python2.7/site-packages/ansible
  executable location = /home/pfb29/.virtualenvs/openstackclient/bin/ansible
  python version = 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
```
Role Version
dev-sec.ssh-hardening.6.0.0
rndmh3ro commented
Thanks @paulbrowne, that's definitely a bug. I created PR #208 to fix this.
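
An added example, not part of the thread and not the role's template or the change in PR #208: a plain-Python illustration of why string-only handling of `rules` raises the reported `AttributeError` for a list, and of a renderer that accepts either form and emits the same `Match Group` block. All function names are hypothetical, and the group name `rundeck` is a constructed stand-in for `{{ rsyslog_rundeck_group }}`.

```python
# Added illustration; not the ssh-hardening role's code. All names are hypothetical.

def normalize_rules(rules):
    """Return rules as a list of single-line strings, accepting str or list."""
    if isinstance(rules, str):
        lines = rules.splitlines()
    elif isinstance(rules, (list, tuple)):
        lines = []
        for rule in rules:
            if not isinstance(rule, str):
                raise TypeError("each rule must be a string, got %r" % (rule,))
            lines.extend(rule.splitlines())
    else:
        raise TypeError("rules must be a string or a list of strings")
    # Drop blank lines so an empty entry never renders as an empty directive.
    return [line.strip() for line in lines if line.strip()]


def render_match_groups(entries):
    """Render sshd_config 'Match Group' blocks from {group, rules} dicts."""
    out = []
    for entry in entries:
        out.append("Match Group %s" % entry["group"])
        out.extend("    " + rule for rule in normalize_rules(entry["rules"]))
    return "\n".join(out) + "\n"


def naive_render(entry):
    """String-only handling: raises AttributeError when rules is a list."""
    return "\n".join("    " + line for line in entry["rules"].splitlines())


# Constructed sample values mirroring the playbook in the report.
AS_LIST = [{"group": "rundeck",
            "rules": ["AllowTcpForwarding yes", "PermitTTY no"]}]
AS_STRING = [{"group": "rundeck",
              "rules": "AllowTcpForwarding yes\nPermitTTY no"}]

if __name__ == "__main__":
    print(render_match_groups(AS_LIST), end="")
    try:
        naive_render(AS_LIST[0])
    except AttributeError as exc:
        print("string-only handling fails:", exc)
```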