sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(cis): add pipefail to sshd version detection and define binary defaults

Browse Source
This commit is contained in:
Sandwich
2026-02-20 22:24:14 +01:00
parent a1fbb7c21d
commit 65c5b1029b
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/cis/tasks/sshd.yml
View File

@@ -32,7 +32,9 @@
- name: Detect target OpenSSH version
ansible.builtin.shell: >-
{{ chroot_command }} ssh -V 2>&1 | grep -oP 'OpenSSH_\K[0-9]+\.[0-9]+'
set -o pipefail && {{ chroot_command }} ssh -V 2>&1 | grep -oP 'OpenSSH_\K[0-9]+\.[0-9]+'
args:
executable: /bin/bash
register: cis_sshd_openssh_version
changed_when: false
failed_when: false