Do not use PrintLastLog for Archlinux

Signed-off-by: matclab <[email protected]>

Author: matclab

molecule/ssh_hardening/verify.yml

@@ -10,9 +10,11 @@
       ansible.builtin.command: >
         docker run
         --volume /run/docker.sock:/run/docker.sock
+        --volume ./waivers_{{ lookup('env', 'MOLECULE_DISTRO') }}.yaml:/waivers.yaml
         docker.io/cincproject/auditor exec
         -t docker://instance
         --no-show-progress --no-color
+        --waiver-file /waivers.yaml
         --no-distinct-exit https://github.com/dev-sec/ssh-baseline/archive/refs/heads/master.zip
       register: test_results
       changed_when: false

molecule/ssh_hardening/waivers_arch.yaml

@@ -0,0 +1,3 @@
+sshd-45:
+  run: false
+  justification: "PrintLastLog is unsupported on ArchLinux. 

roles/ssh_hardening/templates/opensshd.conf.j2

@@ -253,7 +253,7 @@ UseDNS {{ 'yes' if (ssh_use_dns|bool) else 'no' }}
 
 PrintMotd {{ 'yes' if (ssh_print_motd|bool) else 'no' }}
 
-{% if ansible_facts.os_family != 'FreeBSD' %}
+{% if ansible_facts.os_family not in ('FreeBSD','Archlinux') %}
 PrintLastLog {{ 'yes' if (ssh_print_last_log|bool) else 'no' }}
 {% endif %}