{{ if .Vars.ubtu24cis_level_1 }}
  {{ if .Vars.ubtu24cis_rule_5_1_12 }}
file:
  sshd_KEX:
    title: 5.1.12 | Ensure sshd Kex algorithms is configured
    path: /etc/ssh/sshd_config
    exists: true
    contents:
    {{ range .Vars.ubtu24cis_ssh_strong_kex }}
    - '/^KexAlgorithms.*{{ . }}/'
    {{ end }}
    {{ range .Vars.ubtu24cis_ssh_weak_kex }}
    - '!/^KexAlgorithms.*!{{ . }}/'
    {{ end }}
    meta:
      server: 1
      workstation: 1
      CIS_ID:
      - 5.1.12
      CISv8:
      - 3.10
      CISv8_IG1: false
      CISv8_IG2: true
      CISv8_IG3: true
      NIST800-53R5:
      - SC-8
  {{ end }}
{{ end }}