Martin Schurz

Results 77 comments of Martin Schurz

I like this proposal. And I am in strong favor of disabling the service (rather than introducing a firewall rule for the port). The `rpcinfo` service should serve almost no...

> > > I shortened the control documentation in order to pass the `Metrics/BlockLength: Block has too many lines. [36/35]` style check. > > Not sure how much good such...

This is a bit puzzling. The sysctls should be available on any current Linux. Can you post your kernel version? Also, are you running this as a user or as...

Can you execute the profile as root once? I believe some of the sysctls are only present when you query them with root privileges. This might be another issue with...

Your concern is understandable. I did some digging in the Linux sources and it seems the problem with permissions for the sysctls was already identified and fixed in https://github.com/torvalds/linux/commit/c7031c144043c5b9a9b8827aaf44a67937559418 So...

> > > Do you have the community.general collection installed? > https://docs.ansible.com/ansible/latest/collections/community/general/pam_limits_module.html > > ``` > This plugin is part of the community.general collection (version 3.3.0). > > To install...

What do you think of checking this in an ansible task and simply showing an error/warning message to the user? Something like "If you set `ssh_server_password_login: true` you also have...

My problem is with the `password` part in `sshd_authenticationmethods`, the user might as well like `keyboard-interactive` or some other gssapi option. So I think giving a warning/error message and letting...

I kind of like the solution with placing the files into `/usr/share/pam-configs`. From my standpoint we are acting like a package. We provide preconfigured settings that don't need to...

This was willfully introduced: https://github.com/dev-sec/ansible-ssh-hardening/pull/320 However, I am not able to find Issue 319 in the ansible-ssh-hardening repo.