ansible-lockdown / RHEL9-CIS

Ansible role for Red Hat 9 CIS Baseline
https://ansible-lockdown.readthedocs.io
MIT License

Rule 5.2.20 expects values different than 0, but previous form of the… #171

Closed ipruteanu-sie closed 6 months ago

ipruteanu-sie commented 7 months ago

CountMax: 0 -> 3

Overall Review of Changes: Use correct value

Issue Fixes:

170

Enhancements: Use correct value

Extra question (not about ClientAliveCountMax), but about ClientAliveInterval

Edit the /etc/ssh/sshd_config file to set the parameters according to site policy. Example:

ClientAliveInterval 15            -> T??
ClientAliveCountMax 3

Current devel branch uses 900 (seconds); is there a good reason why we're not following a value close to ~15 (CIS-recommended value)? Anyhow, for both 900 and 15 seconds, CIS returns a PASS.

How has this been tested?: EC2
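An added example, not part of this PR or the role's own code: a small audit of the two keywords discussed above, assuming the pass condition is that both effective values are integers greater than 0, as the thread describes. The function names are hypothetical, the sample configs are constructed, and `Include` files, `Match` overrides and time suffixes are not evaluated.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from sshd_config.
DEFAULTS = {"clientaliveinterval": "0", "clientalivecountmax": "3"}


def effective_global(config_text):
    """Global values of both keywords; sshd keeps the first value it obtains."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # conditional blocks follow; the global section ends here
        if (keyword in DEFAULTS and keyword not in found
                and len(parts) == 2 and parts[1]):
            found[keyword] = parts[1].split()[0]
    return {**DEFAULTS, **found}


def audit(config_text):
    """Return (passed, values): pass only if both values are integers > 0."""
    values = effective_global(config_text)
    passed = all(v.isdigit() and int(v) > 0 for v in values.values())
    return passed, values


# Constructed sample inputs (not taken from any real host).
PREVIOUS_FORM = "ClientAliveInterval 900\nClientAliveCountMax 0\n"
DOC_EXAMPLE = "ClientAliveInterval 15\nClientAliveCountMax 3\n"
DUPLICATE = "clientalivecountmax=0\nClientAliveInterval 900\nClientAliveCountMax 3\n"

if __name__ == "__main__":
    for name, text in [("previous form", PREVIOUS_FORM),
                       ("doc example", DOC_EXAMPLE),
                       ("duplicate keyword", DUPLICATE)]:
        passed, values = audit(text)
        print(f"{name}: {'PASS' if passed else 'FAIL'} {values}")
```

On a live host, `sshd -T` reports the effective values after includes and defaults are resolved, which is the more reliable input for this check.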

uk-bolly commented 6 months ago

This is a good catch. I suggest we move the default values as listed in the docs, thanks.

uk-bolly

ipruteanu-sie commented 6 months ago

I created a new PR, as the current one fails when one tries to use rebase (against devel).