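# Stop, disable and mask the SSH daemon unit (ssh.service) on hosts whose
# virtualization type is not one of the listed container runtimes.
# Masking is the strongest of the three settings: a masked unit cannot be
# started by hand or pulled in as a dependency until it is unmasked.
# NOTE(review): if this play reaches the host over SSH, later runs need another
# management path once the unit is stopped and masked - confirm before rollout.
- name: Block Disable service sshd
  block:
    - name: Disable service sshd
      block:
        - name: Disable service sshd
          systemd:
            name: ssh.service
            enabled: 'no'
            state: stopped
            masked: 'yes'
      rescue:
        # This rescue runs on ANY failure of the task above, not only the
        # benign case named in the task title. The play still continues
        # (best-effort is kept), but the real error is printed so that a host
        # where sshd could not be stopped or masked is visible in the run
        # output instead of being reported as compliant without a trace.
        - name: "Intentionally ignored previous 'Disable service sshd' failure, service was already disabled"
          debug:
            msg: "{{ ansible_failed_result.msg | default(ansible_failed_result) }}"
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
    - NIST-800-53-CM-3(6)
    - NIST-800-53-IA-2(4)
    - disable_strategy
    - high_severity
    - low_complexity
    - low_disruption
    - no_reboot_needed
    - service_sshd_disabled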
# Read-only probe: ask systemd whether a unit file named ssh.socket is known on
# this host and keep the result in socket_file_exists for the task that
# disables the socket. The task never reports "changed" and also runs in
# check mode, so a dry run still has the registered result available.
- name: Unit Socket Exists - ssh.socket
  when: 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]'
  command:
    argv:
      - systemctl
      - '-q'
      - list-unit-files
      - ssh.socket
  register: socket_file_exists
  check_mode: false
  changed_when: false
  # Exit codes 0 and 1 are both accepted; any other code fails the task.
  # NOTE(review): presumably 1 is what systemctl returns when no unit file
  # matches - confirm against the systemd version on the target hosts.
  failed_when: socket_file_exists.rc not in [0, 1]
  tags:
    - NIST-800-53-CM-3(6)
    - NIST-800-53-IA-2(4)
    - disable_strategy
    - high_severity
    - low_complexity
    - low_disruption
    - no_reboot_needed
    - service_sshd_disabled
# Stop, disable and mask ssh.socket when the earlier probe reported that the
# unit file exists. A socket unit left active can start the SSH daemon on an
# incoming connection even though the service unit itself is disabled, so the
# socket has to be handled as well for the service to stay off.
- name: Disable socket sshd
  when:
    - 'ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]'
    # NOTE(review): the test is applied to stdout_lines (a list) and the "."
    # in the pattern is a regex wildcard, so the match is looser than an exact
    # unit-name comparison - confirm this is intended.
    - 'socket_file_exists.stdout_lines is search("ssh.socket",multiline=True)'
  systemd:
    name: ssh.socket
    state: stopped
    enabled: 'no'
    masked: 'yes'
  tags:
    - NIST-800-53-CM-3(6)
    - NIST-800-53-IA-2(4)
    - disable_strategy
    - high_severity
    - low_complexity
    - low_disruption
    - no_reboot_needed
    - service_sshd_disabled