---

{{ if .Vars.ubtu24cis_level_1 }}
  {{ if .Vars.ubtu24cis_rule_5_1_6 }}
file:
  sshd_ciphers:
    title: 5.1.6 | Ensure only strong Ciphers are used
    path: /etc/ssh/sshd_config
    exists: true
    contents:
    {{ range .Vars.ubtu24cis_ssh_strong_ciphers }}
    - '/^Ciphers.*{{ . }}/'
    {{ end }}
    {{ range .Vars.ubtu24cis_ssh_weak_ciphers }}
    - '!/^Ciphers.*{{ . }}/'
    {{ end }}
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 5.1.6
      CISv8:
      - 3.10
      CISv8_IG1: false
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - SC-8
  {{ end }}
{{ end }}