From 333fcddfa2ac4c552573aac65d0ed7b2ccceb589 Mon Sep 17 00:00:00 2001
From: Manuel Mitnyan
Date: Tue, 24 Jan 2023 13:35:33 -0500
Subject: [PATCH] Support for Amazon Linux 2

Signed-off-by: Manuel Mitnyan
---
roles/ssh_hardening/vars/Amazon_2.yml | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 roles/ssh_hardening/vars/Amazon_2.yml

diff --git a/roles/ssh_hardening/vars/Amazon_2.yml b/roles/ssh_hardening/vars/Amazon_2.yml
new file mode 100644
index 000000000..4c97cd6a0
--- /dev/null
+++ b/roles/ssh_hardening/vars/Amazon_2.yml
@@ -0,0 +1,23 @@
+---
+sshd_path: /usr/sbin/sshd
+ssh_host_keys_dir: '/etc/ssh'
+sshd_service_name: sshd
+ssh_owner: root
+ssh_group: root
+ssh_host_keys_owner: 'root'
+ssh_host_keys_group: 'ssh_keys'
+ssh_selinux_packages:
+ - policycoreutils-python
+ - checkpolicy
+
+# true if SSH support Kerberos
+ssh_kerberos_support: true
+
+# true if SSH has PAM support
+ssh_pam_support: true
+
+sshd_moduli_file: '/etc/ssh/moduli'
+
+# disable CRYPTO_POLICY to take settings from sshd configuration
+# see: https://access.redhat.com/solutions/4410591
+sshd_disable_crypto_policy: true
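Review bot: `sshd_disable_crypto_policy: true` on the last line of the new file may not apply to Amazon Linux 2. Its comment cites a Red Hat article on system-wide crypto policies, which as far as I know arrived with the RHEL 8 generation, while Amazon Linux 2 follows the RHEL 7 generation and may not ship that mechanism. If so, the flag is either a no-op or makes the role edit a setting sshd never consults there, and the comment gives the wrong reason why the role's cipher, KEX and MAC settings take effect. Please confirm on an AL2 host by comparing `sshd -T` output with the role's configured algorithms. Then either set the value to `false` or reword the comment, e.g. `# Amazon Linux 2 has no system-wide crypto policy; sshd_config settings apply directly`. As a smaller style point, quoting is inconsistent within the file (`ssh_owner: root` vs `ssh_host_keys_owner: 'root'`, `sshd_path` unquoted vs `ssh_host_keys_dir` quoted); picking one form would make later diffs cleaner.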