ara | Result #2500: [changed] ansible.builtin.lineinfile on aio1 for "ansible-hardening : Drop options from SSH config that we manage"

/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml

Execution

Date 14 Dec 2025 10:04:43 +0000

Duration 00:10:10.66

Controller aio1.openstack.local

User root

Versions

Ansible 2.18.6

ara 1.7.4 / 1.7.4

Python 3.13.5

Summary

15 Hosts

603 Tasks

2357 Results

18 Plays

157 Files

0 Records

check:False tags:all

Date
14 Dec 2025 10:04:43 +0000
Path
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml

Argument	Value
version	None
verbosity	0
private_key_file	None
remote_user	None
connection	openstack.osa.ssh
timeout	None
ssh_common_args	None
sftp_extra_args	None
scp_extra_args	None
ssh_extra_args	None
ask_pass	False
connection_password_file	None
force_handlers	True
flush_cache	False
become	False
become_method	sudo
become_user	None
become_ask_pass	False
become_password_file	None
tags	['all']
skip_tags	[]
check	False
diff	False
inventory	['/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py', '/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini', '/etc/openstack_deploy/inventory.ini']
listhosts	False
subset	None
extra_vars	Not saved by ARA as configured by 'ignored_arguments'
vault_ids	[]
ask_vault_pass	False
vault_password_files	[]
forks	4
module_path	None
syntax	False
listtasks	False
listtags	False
step	False
start_at_task	None
args	['setup-hosts.yml']

Task result details

Status
CHANGED
Duration
00:00:02.42
Play
Apply security hardening configurations
Task
ansible-hardening : Drop options from SSH config that we manage
Host
aio1

Date
14 Dec 2025 10:14:48 +0000
Module / Action
ansible.builtin.lineinfile (/home/zuul/src/opendev.org/openstack/ansible-hardening/tasks/rhel7stig/sshd.yml:29)
Tags
- V-72251
- V-72253
- V-72245
- V-72221
- V-72303
- V-71939
- V-72267
- V-71957
- high
- V-71959
- V-72247
- V-72237
- V-72243
- V-72249
- V-72263
- V-72265
- V-72261
- V-72241
- sshd
- V-72225
- security

Field

Value

changed

True

msg

All items completed

results

Result #1

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^PermitEmptyPasswords\\s+(?!no)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "PermitEmptyPasswords", "stig_id": "V-71939 / RHEL-07-010440", "value": "no" }
msg

Result #2

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^PermitUserEnvironment\\s+(?!no)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "PermitUserEnvironment", "stig_id": "V-71957", "value": "no" }
msg

Result #3

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^HostbasedAuthentication\\s+(?!no)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "HostbasedAuthentication", "stig_id": "V-71959", "value": "no" }
msg

Result #4

Field	Value
ansible_loop_var	item
backup
changed	True
diff
failed	False
found	1
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^Ciphers\\s+(?!aes128-ctr,aes192-ctr,aes256-ctr)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "Ciphers", "stig_id": "V-72221", "value": "aes128-ctr,aes192-ctr,aes256-ctr" }
msg	1 line(s) removed

Result #5

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^ClientAliveInterval\\s+(?!600)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "ClientAliveInterval", "stig_id": "V-72237", "value": 600 }
msg

Result #6

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^ClientAliveCountMax\\s+(?!0)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "ClientAliveCountMax", "stig_id": "V-72241", "value": 0 }
msg

Result #7

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^PrintLastLog\\s+(?!yes)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "PrintLastLog", "stig_id": "V-72245", "value": "yes" }
msg

Result #8

Field	Value
ansible_loop_var	item
backup
changed	True
diff
failed	False
found	1
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^PermitRootLogin\\s+(?!without-password)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "PermitRootLogin", "stig_id": "V-72247", "value": "without-password" }
msg	1 line(s) removed

Result #9

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^IgnoreUserKnownHosts\\s+(?!yes)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "IgnoreUserKnownHosts", "stig_id": "V-72249 / V-72239", "value": "yes" }
msg

Result #10

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^IgnoreRhosts\\s+(?!yes)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "IgnoreRhosts", "stig_id": "V-72243", "value": "yes" }
msg

Result #11

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^X11Forwarding\\s+(?!yes)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "X11Forwarding", "stig_id": "V-72303", "value": "yes" }
msg

Result #12

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^Protocol\\s+(?!2)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "Protocol", "stig_id": "V-72251", "value": 2 }
msg

Result #13

Field	Value
ansible_loop_var	item
backup
changed	True
diff
failed	False
found	1
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^MACs\\s+(?!hmac-sha2-256,hmac-sha2-512)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "MACs", "stig_id": "V-72253", "value": "hmac-sha2-256,hmac-sha2-512" }
msg	1 line(s) removed

Result #14

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^Compression\\s+(?!delayed)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "Compression", "stig_id": "V-72267", "value": "delayed" }
msg

Result #15

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^KerberosAuthentication\\s+(?!no)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "KerberosAuthentication", "stig_id": "V-72261", "value": "no" }
msg

Result #16

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^GSSAPIAuthentication\\s+(?!no)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "GSSAPIAuthentication", "stig_id": "V-204598", "value": "no" }
msg

Result #17

Field	Value
ansible_loop_var	item
backup
changed	False
diff
failed	False
found	0
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^StrictModes\\s+(?!yes)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "StrictModes", "stig_id": "V-72263", "value": "yes" }
msg

Result #18

Field	Value
ansible_loop_var	item
backup
changed	True
diff
failed	False
found	1
invocation	{ "module_args": { "attributes": null, "backrefs": false, "backup": false, "create": false, "firstmatch": false, "group": null, "insertafter": null, "insertbefore": null, "line": null, "mode": null, "owner": null, "path": "/etc/ssh/sshd_config", "regexp": "^PrintMotd\\s+(?!yes)", "search_string": null, "selevel": null, "serole": null, "setype": null, "seuser": null, "state": "absent", "unsafe_writes": false, "validate": "/usr/sbin/sshd -T -f %s" } }
item	{ "enabled": true, "name": "PrintMotd", "stig_id": "V-71861", "value": "yes" }
msg	1 line(s) removed

Playbook #2