De-commenting allow and deny variables for sshd.

Signed-off-by: Diana-Maria Dumitru <[email protected]>
ansible-lockdown · Feb 21, 2024 · f6e12ab · f6e12ab
1 parent c28b8a4
commit f6e12ab
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -798,26 +798,26 @@ amzn2023cis_sshd:
     # If an USER@HOST format will be used, the specified user will be allowed only on that particular host.
     # The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
     # For more info, see https://linux.die.net/man/5/sshd_config
-    # allowusers:
+    allowusers: ""
     # This variable, if specified, configures a list of GROUP name patterns, separated by spaces, to allow SSH access
     # for users whose primary group or supplementary group list matches one of the patterns. This is done
     # by setting the value of `AllowGroups` option in `/etc/ssh/sshd_config` file.
     # The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
     # For more info, https://linux.die.net/man/5/sshd_config
-    # allowgroups: systems dba
+    allowgroups: ""
     # This variable, if specified, configures a list of USER name patterns, separated by spaces, to prevent SSH access
     # for users whose user name matches one of the patterns. This is done
     # by setting the value of `DenyUsers` option in `/etc/ssh/sshd_config` file.
     # If an USER@HOST format will be used, the specified user will be restricted only on that particular host.
     # The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
     # For more info, see https://linux.die.net/man/5/sshd_config
-    # denyusers:
+    denyusers: ""
     # This variable, if specified, configures a list of GROUP name patterns, separated by spaces, to prevent SSH access
     # for users whose primary group or supplementary group list matches one of the patterns. This is done
     # by setting the value of `DenyGroups` option in `/etc/ssh/sshd_config` file.
     # The allow/deny directives process order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
     # For more info, see https://linux.die.net/man/5/sshd_config
-    # denygroups:
+    denygroups: ""
 
 ## Control 4.2.5 - Ensure SSH LogLevel is appropriate
 # This variable refers to the loglevel used for ssh.