Merge branch 'debsums_security' into 'master'

Configure SSH and add debsums

See merge request aurore/ansible!25
Alexandre IOOSS 2019-03-16 22:09:40 +01:00
commit 2b79f9117e


@ -28,9 +28,14 @@
- name: Prohibit root SSH with password - name: Prohibit root SSH with password
lineinfile: lineinfile:
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin' regexp: '^{{ item.0 }}'
insertafter: '^#PermitRootLogin' insertafter: '^#{{ item.0 }}'
line: 'PermitRootLogin prohibit-password' line: '{{ item.0 }} {{ item.1 }}'
loop:
- ["PermitRootLogin", "prohibit-password"]
- ["AllowAgentForwarding", "no"]
- ["X11Forwarding", "no"]
- ["TCPKeepAlive", "no"]
notify: Restart sshd service notify: Restart sshd service
# See banned client with `fail2ban-client status sshd` # See banned client with `fail2ban-client status sshd`
@ -47,3 +52,11 @@
dest: /etc/fail2ban/jail.d/local.conf dest: /etc/fail2ban/jail.d/local.conf
mode: 0644 mode: 0644
notify: Restart fail2ban service notify: Restart fail2ban service
# See altered packages and configurations with `debsums -ca`
- name: Install debsums
apt:
name: debsums
register: apt_result
retries: 3
until: apt_result is succeeded
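Review bot: The looped `lineinfile` task in the first hunk (`@ -28,9 +28,14 @`) rewrites four directives in /etc/ssh/sshd_config and notifies a restart without checking the result, so a bad value would only show up when sshd fails to come back; adding `validate: '/usr/sbin/sshd -t -f %s'` to the module arguments makes the task fail before the file is replaced. When neither `^{{ item.0 }}` nor `^#{{ item.0 }}` matches, lineinfile appends at end of file, which would put the directive inside a trailing `Match` block if the host's config has one, so it is worth confirming the target images ship the commented defaults. The task name still reads "Prohibit root SSH with password", which no longer describes the loop; something like `name: Harden sshd_config` would. Setting `TCPKeepAlive` to `no` without a `ClientAliveInterval` may leave dead sessions unreaped, unless that is configured in a part of the file outside this hunk.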