From 3af9a356135ef1622e46dfafd215ebcea2db5bac Mon Sep 17 00:00:00 2001 From: dave kormann Date: Mon, 14 Dec 2020 12:04:26 -0500 Subject: [PATCH] FIX: Syntax error in SSH hardening playbook Previous change introduced the ssh playbook to the world of mismatched quotes. Bad idea, fixed. also cleaned up a few more suspect things yamllint turned up. signed-off-by: dave kormann Change-Id: Ib8364126521434cfc0c44f193356147481d6e3f5 --- roles/ops-hardening/tasks/main.yaml | 10 +++++----- roles/ssh_conf_hardening/tasks/main.yaml | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml index 7aab166..90a57a2 100644 --- a/roles/ops-hardening/tasks/main.yaml +++ b/roles/ops-hardening/tasks/main.yaml @@ -456,7 +456,7 @@ # # tighten USB permissions -# +# - name: Set USBGuard RestoreControllerDeviceState to false lineinfile: path: /etc/usbguard/usbguard-daemon.conf @@ -490,9 +490,9 @@ - Name: Ban suspect USB devices blockinfile: - # this isn't the optimal way to do this, i know, but i don't + # this isn't the optimal way to do this, i know, but i don't # want to create a whole new template tree just to add this. - path: /etc/usbguard/rules.conf + path: /etc/usbguard/rules.conf create: yes owner: root group: root @@ -509,9 +509,9 @@ # enabled: # xHCI controller/hub allow with-interface equals { 09:00:00 } - # mass media — sites may want to consider restricting + # mass media — sites may want to consider restricting # this to 08:06:50 to just get the virtual CDROM and ban - # other USB media + # other USB media allow with-interface equals { 08:*:* } # ethernet allow with-interface equals { 02:02:ff } diff --git a/roles/ssh_conf_hardening/tasks/main.yaml b/roles/ssh_conf_hardening/tasks/main.yaml index 256620c..cfc4425 100644 --- a/roles/ssh_conf_hardening/tasks/main.yaml +++ b/roles/ssh_conf_hardening/tasks/main.yaml 
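Review bot: In roles/ops-hardening/tasks/main.yaml, the hunk at -490 still carries the task key as `- Name: Ban suspect USB devices`, with a capital N. Ansible task keywords are case-sensitive, so `Name` is not the `name` keyword, and the task is likely rejected as having an invalid attribute when the role is loaded. That would stop the USBGuard rules from being written at all. Since this commit is already clearing parse errors, the line should read `- name: Ban suspect USB devices`. The blockinfile task continues past the end of this hunk, so the rest of its arguments are not reviewed here.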
@@ -111,7 +111,7 @@ - name: "Limit interactive session count to 2" ssh_conf: - regexp: '[\s]*MaxSessions" + regexp: '[\s]*MaxSessions' values: "MaxSessions 2\n" - name: Banner creation @@ -169,7 +169,7 @@ name: sshd state: restarted -- name : create a banner file +- name: create a banner file lineinfile: path: /etc/banner create: yes -- 2.16.6
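Review bot: The corrected pattern `'[\s]*MaxSessions'` in the -111 hunk is unanchored, so the `[\s]*` prefix constrains nothing and the expression matches `MaxSessions` anywhere in a line, including a commented-out `#MaxSessions 10` or explanatory text. How the project's `ssh_conf` module applies `regexp` is not visible here, so check whether it could rewrite the wrong line or leave a second directive behind. This matters because sshd uses the first value it reads for a keyword, so an earlier stray `MaxSessions` line would override `MaxSessions 2`. If only the live directive should match, `regexp: '^\s*MaxSessions\b'` says so. If the commented default is meant to be replaced too, `'^#?\s*MaxSessions\b'` makes that explicit.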