{"id":2557,"status":"changed","playbook":{"id":2,"items":{"plays":18,"tasks":608,"results":2412,"hosts":15,"files":158,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-hosts.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:40:18.992997Z","ended":"2025-12-08T13:50:25.791366Z","duration":"00:10:06.798369","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.11","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-hosts.yml","controller":"aio1.openstack.local","user":"root"},"play":{"id":18,"items":{"tasks":161,"results":161},"started":"2025-12-08T13:49:28.604477Z","ended":"2025-12-08T13:50:24.751162Z","duration":"00:00:56.146685","name":"Apply security hardening configurations","status":"completed"},"task":{"id":753,"items":{"results":1},"path":"/home/zuul/src/opendev.org/openstack/ansible-hardening/tasks/rhel7stig/sshd.yml","tags":["V-72253","V-72267","high","V-72249","V-72221","V-72247","sshd","V-72241","V-71957","V-72263","V-72303","V-72243","V-72237","V-71959","V-72261","V-72251","V-71939","V-72245","V-72265","V-72225","security"],"started":"2025-12-08T13:50:17.869922Z","ended":"2025-12-08T13:50:20.739415Z","duration":"00:00:02.869493","name":"ansible-hardening : Drop options from SSH config that we manage","uuid":"fa163eb8-f9d2-e19b-22df-000000006d98","action":"ansible.builtin.lineinfile","lineno":29,"handler":false,"status":"completed","warnings":[],"deprecations":[],"exceptions":[],"file":177},"host":{"id":3,"name":"aio1","changed":105,"failed":0,"ok":258,"skipped":142,"unreachable":0},"delegated_to":[],"content":{"changed":true,"msg":"All items completed","results":[{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^PermitEmptyPasswords\\s+(?!no)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"PermitEmptyPasswords","stig_id":"V-71939 / RHEL-07-010440","value":"no"},"msg":""},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^PermitUserEnvironment\\s+(?!no)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"PermitUserEnvironment","stig_id":"V-71957","value":"no"},"msg":""},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^HostbasedAuthentication\\s+(?!no)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"HostbasedAuthentication","stig_id":"V-71959","value":"no"},"msg":""},{"ansible_loop_var":"item","backup":"","changed":true,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":1,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^Ciphers\\s+(?!aes128-ctr,aes192-ctr,aes256-ctr)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"Ciphers","stig_id":"V-72221","value":"aes128-ctr,aes192-ctr,aes256-ctr"},"msg":"1 line(s) removed"},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^ClientAliveInterval\\s+(?!600)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"ClientAliveInterval","stig_id":"V-72237","value":600},"msg":""},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^ClientAliveCountMax\\s+(?!0)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"ClientAliveCountMax","stig_id":"V-72241","value":0},"msg":""},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^PrintLastLog\\s+(?!yes)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"PrintLastLog","stig_id":"V-72245","value":"yes"},"msg":""},{"ansible_loop_var":"item","backup":"","changed":true,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":1,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^PermitRootLogin\\s+(?!without-password)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"PermitRootLogin","stig_id":"V-72247","value":"without-password"},"msg":"1 line(s) removed"},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^IgnoreUserKnownHosts\\s+(?!yes)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"IgnoreUserKnownHosts","stig_id":"V-72249 / V-72239","value":"yes"},"msg":""},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^IgnoreRhosts\\s+(?!yes)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"IgnoreRhosts","stig_id":"V-72243","value":"yes"},"msg":""},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^X11Forwarding\\s+(?!yes)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"X11Forwarding","stig_id":"V-72303","value":"yes"},"msg":""},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^Protocol\\s+(?!2)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"Protocol","stig_id":"V-72251","value":2},"msg":""},{"ansible_loop_var":"item","backup":"","changed":true,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":1,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^MACs\\s+(?!hmac-sha2-256,hmac-sha2-512)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"MACs","stig_id":"V-72253","value":"hmac-sha2-256,hmac-sha2-512"},"msg":"1 line(s) removed"},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^Compression\\s+(?!delayed)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"Compression","stig_id":"V-72267","value":"delayed"},"msg":""},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^KerberosAuthentication\\s+(?!no)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"KerberosAuthentication","stig_id":"V-72261","value":"no"},"msg":""},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^GSSAPIAuthentication\\s+(?!no)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"GSSAPIAuthentication","stig_id":"V-204598","value":"no"},"msg":""},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^StrictModes\\s+(?!yes)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"StrictModes","stig_id":"V-72263","value":"yes"},"msg":""},{"ansible_loop_var":"item","backup":"","changed":false,"diff":[{"after":"","after_header":"/etc/ssh/sshd_config (content)","before":"","before_header":"/etc/ssh/sshd_config (content)"},{"after_header":"/etc/ssh/sshd_config (file attributes)","before_header":"/etc/ssh/sshd_config (file attributes)"}],"failed":false,"found":0,"invocation":{"module_args":{"attributes":null,"backrefs":false,"backup":false,"create":false,"firstmatch":false,"group":null,"insertafter":null,"insertbefore":null,"line":null,"mode":null,"owner":null,"path":"/etc/ssh/sshd_config","regexp":"^PrintMotd\\s+(?!yes)","search_string":null,"selevel":null,"serole":null,"setype":null,"seuser":null,"state":"absent","unsafe_writes":false,"validate":"/usr/sbin/sshd -T -f %s"}},"item":{"enabled":true,"name":"PrintMotd","stig_id":"V-71861","value":"yes"},"msg":""}]},"created":"2025-12-08T13:50:20.730828Z","updated":"2025-12-08T13:50:20.730852Z","started":"2025-12-08T13:50:17.917171Z","ended":"2025-12-08T13:50:20.722820Z","duration":"00:00:02.805649","changed":true,"ignore_errors":false}