From 0918aac9736c3322f5ed3fd02b0937918ea98e1a Mon Sep 17 00:00:00 2001
From: Miha Purg
Date: Thu, 9 May 2024 14:33:39 +0200
Subject: [PATCH] Modify Ubuntu ansible remediation for sshd_use_approved_ciphers_ordered_stig

The remediation now uses the ansible_sshd_set macro and the sshd_approved_ciphers variable.
---
 .../ansible/shared.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/ansible/shared.yml
index 6e206222356..5b9f9e1a453 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/ansible/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/ansible/shared.yml
@@ -4,6 +4,10 @@
 # complexity = low
 # disruption = low
+{{%- if 'ubuntu' in product %}}
+{{{ ansible_instantiate_variables('sshd_approved_ciphers') }}}
+{{{ ansible_sshd_set(parameter="Ciphers", value="{{ sshd_approved_ciphers }}", config_is_distributed=sshd_distributed_config) }}}
+{{%- else %}}
 - name: "Configure sshd to use approved ciphers"
 lineinfile:
 path: /etc/ssh/sshd_config
@@ -11,3 +15,4 @@
 state: present
 regexp: '^[\s]*[Cc]iphers[\s]+(aes256-ctr(?=[\w,-@]+|$),?)?(aes192-ctr(?=[\w,-@]+|$),?)?(aes128-ctr(?=[\w,-@]+|$),?)?[\s]*(?:#.*)?$'
 create: True
+{{%- endif %}}
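Review bot: The new Ubuntu branch in the first hunk writes `{{ sshd_approved_ciphers }}` into `Ciphers` verbatim, and nothing visible here guards against the variable being empty or holding a list the rule's check does not accept. This rule covers both the set and the order of ciphers, so it is worth confirming that the Ubuntu check and the other Ubuntu remediations read the same variable; otherwise the playbook can apply a list that the scan then reports as failing. Whether `ansible_sshd_set` validates the resulting configuration (for example with `sshd -t`) is not visible from this hunk; if it does not, a malformed list could leave sshd unable to restart. A short template comment above the branch would also help the next maintainer, e.g. `{{# Ubuntu: cipher list and order come from sshd_approved_ciphers, not the fixed list in the else branch #}}`. The lineinfile task in the else branch continues outside the hunk.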