ssh-hardening/tasks/restrictions_crypto_policy.yml

---
- name: Move original link
  command: mv /etc/crypto-policies/back-ends/opensshserver.config /etc/crypto-policies/back-ends/opensshserver.config.not-hardened
  args:
    creates: /etc/crypto-policies/back-ends/opensshserver.config.not-hardened
  when: ssh_hardening_use_policies.stat.islnk


- name: Write new crypto policies
  template:
    src: '{{ item }}'
    dest: /etc/crypto-policies/back-ends/opensshserver.config
    owner: root
    group: root
    mode: 0644
    backup: yes
  with_first_found:
    - 'crypto-policies/opensshserver_{{ ansible_distribution|lower }}.config.j2'
    - 'crypto-policies/opensshserver_{{ ansible_os_family|lower }}.config.j2'
  notify: Restart SSH
First snapshot 2021-10-11 20:58:09 +00:00			`---`
			`- name: Move original link`
			`command: mv /etc/crypto-policies/back-ends/opensshserver.config /etc/crypto-policies/back-ends/opensshserver.config.not-hardened`
			`args:`
			`creates: /etc/crypto-policies/back-ends/opensshserver.config.not-hardened`
			`when: ssh_hardening_use_policies.stat.islnk`


			`- name: Write new crypto policies`
			`template:`
			`src: '{{ item }}'`
			`dest: /etc/crypto-policies/back-ends/opensshserver.config`
			`owner: root`
			`group: root`
			`mode: 0644`
			`backup: yes`
			`with_first_found:`
			`- 'crypto-policies/opensshserver_{{ ansible_distribution\|lower }}.config.j2'`
			`- 'crypto-policies/opensshserver_{{ ansible_os_family\|lower }}.config.j2'`
			`notify: Restart SSH`