diff --git a/molecule/ssh_hardening/prepare.yml b/molecule/ssh_hardening/prepare.yml index e20edc48..08cb0e30 100644 --- a/molecule/ssh_hardening/prepare.yml +++ b/molecule/ssh_hardening/prepare.yml @@ -62,12 +62,6 @@ update_cache: true when: ansible_facts.os_family == 'Archlinux' - - name: Created needed directory - ansible.builtin.file: - path: /var/run/sshd - state: directory - mode: "0755" - - name: Create ssh host keys # noqa ignore-errors ansible.builtin.command: ssh-keygen -A when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') diff --git a/molecule/ssh_hardening_bsd/prepare.yml b/molecule/ssh_hardening_bsd/prepare.yml index ce69adf5..baa8e13f 100644 --- a/molecule/ssh_hardening_bsd/prepare.yml +++ b/molecule/ssh_hardening_bsd/prepare.yml @@ -18,12 +18,6 @@ https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}" no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}" tasks: - - name: Created needed directory - ansible.builtin.file: - path: /var/run/sshd - state: directory - mode: "0755" - - name: Create ssh host keys # noqa ignore-errors ansible.builtin.command: ssh-keygen -A when: not ((ansible_facts.os_family in ['Oracle Linux', 'RedHat']) and ansible_facts.distribution_major_version < '7') diff --git a/roles/ssh_hardening/tasks/disable-systemd-socket.yml b/roles/ssh_hardening/tasks/disable-systemd-socket.yml index fdd41abd..8c1b37a2 100644 --- a/roles/ssh_hardening/tasks/disable-systemd-socket.yml +++ b/roles/ssh_hardening/tasks/disable-systemd-socket.yml @@ -1,8 +1,11 @@ --- - name: Remove ssh service systemd-socket file ansible.builtin.file: - path: /etc/systemd/system/ssh.service.d/00-socket.conf + path: "{{ item }}" state: absent + loop: + - /etc/systemd/system/ssh.service.d/00-socket.conf + - /etc/systemd/system/ssh.service.requires/ssh.socket - name: Disable systemd-socket activation ansible.builtin.systemd: @@ -10,4 +13,3 @@ state: stopped enabled: false masked: true - daemon_reload: true