RFE: Allow removing unrecognized sshd configuration files #256

Open
myllynen opened this issue Sep 14, 2023 · 2 comments

Comments

@myllynen

In case there's a configuration file present in the sshd_config.d directory, then the role-configured options do not necessarily get used if the unexpected configuration file has higher priority.

It would be nice to be able to have the role remove all unrecognised configuration files from sshd_config.d. On RHEL, for instance, there might be a few non-role configuration files created by security hardening tools such as oscap(8) which would be ok to be left in place, whereas something like 0-test.conf or 0-rogue.conf should be removed.

Thanks.

@mattwillsher
Member

From the point of view of design, we could have a variable (e.g. preserve_fragment_filenames) which by default is null. If set to a list, remove all files from the config dir that do not match regexes in the list. This will allow for pre/suffixes for other tools etc.

How does that sound as a solution?

@myllynen
Author

Thanks for looking into this. Yes, that sounds like a good approach here.
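
The allowlist approach discussed in this thread, sketched in Python as an added example; it is not code from the role or from either commenter. The function names, the whole-filename matching, and the sample file names other than 0-test.conf and 0-rogue.conf are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path


def classify_fragments(config_dir, preserve_patterns):
    """Split files in config_dir into (preserved, unrecognized), by name.

    sshd expands a glob Include in lexical order and keeps the first value
    obtained for each keyword, so an early unrecognized file overrides
    everything read after it.
    """
    compiled = [re.compile(p) for p in preserve_patterns]
    preserved, unrecognized = [], []
    for path in sorted(Path(config_dir).iterdir(), key=lambda p: p.name):
        if not path.is_file():
            continue  # leave subdirectories and other non-files alone
        # Assumption: a pattern must match the whole filename.
        if any(rx.fullmatch(path.name) for rx in compiled):
            preserved.append(path.name)
        else:
            unrecognized.append(path.name)
    return preserved, unrecognized


def prune_fragments(config_dir, preserve_patterns=None, dry_run=True):
    """Remove unrecognized fragments; return the names (to be) removed."""
    if preserve_patterns is None:  # default null: feature off, touch nothing
        return []
    _, unrecognized = classify_fragments(config_dir, preserve_patterns)
    if not dry_run:
        for name in unrecognized:
            (Path(config_dir) / name).unlink()
    return unrecognized


def demo():
    """Run against a constructed directory, never the real /etc/ssh."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("0-rogue.conf", "0-test.conf",
                     "00-hardening.conf", "50-role.conf"):
            (Path(d) / name).write_text("# constructed sample\n")
        allow = [r"\d+-hardening\.conf", r"50-role\.conf"]
        planned = prune_fragments(d, allow, dry_run=True)
        removed = prune_fragments(d, allow, dry_run=False)
        remaining = sorted(p.name for p in Path(d).iterdir())
        return planned, removed, remaining
```

Running with `dry_run=True` first reports which fragments would be deleted, which is a useful review step before a hardening tool's file is dropped by an incomplete allowlist.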
