Merge branch 'debsums_security' into 'master'
Configure SSH and add debsums See merge request aurore/ansible!25
commit
2b79f9117e
1 changed files with 16 additions and 3 deletions
|
@ -28,9 +28,14 @@
|
||||||
- name: Prohibit root SSH with password
|
- name: Prohibit root SSH with password
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
regexp: '^PermitRootLogin'
|
regexp: '^{{ item.0 }}'
|
||||||
insertafter: '^#PermitRootLogin'
|
insertafter: '^#{{ item.0 }}'
|
||||||
line: 'PermitRootLogin prohibit-password'
|
line: '{{ item.0 }} {{ item.1 }}'
|
||||||
|
loop:
|
||||||
|
- ["PermitRootLogin", "prohibit-password"]
|
||||||
|
- ["AllowAgentForwarding", "no"]
|
||||||
|
- ["X11Forwarding", "no"]
|
||||||
|
- ["TCPKeepAlive", "no"]
|
||||||
notify: Restart sshd service
|
notify: Restart sshd service
|
||||||
|
|
||||||
# See banned client with `fail2ban-client status sshd`
|
# See banned client with `fail2ban-client status sshd`
|
||||||
|
@ -47,3 +52,11 @@
|
||||||
dest: /etc/fail2ban/jail.d/local.conf
|
dest: /etc/fail2ban/jail.d/local.conf
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify: Restart fail2ban service
|
notify: Restart fail2ban service
|
||||||
|
|
||||||
|
# See altered packages and configurations with `debsums -ca`
|
||||||
|
- name: Install debsums
|
||||||
|
apt:
|
||||||
|
name: debsums
|
||||||
|
register: apt_result
|
||||||
|
retries: 3
|
||||||
|
until: apt_result is succeeded
|
||||||
|
|
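Review bot: The looped `lineinfile` task in the first hunk rewrites /etc/ssh/sshd_config and notifies a restart without checking that the file still parses, so a bad edit could leave the host without SSH; adding `validate: '/usr/sbin/sshd -t -f %s'` to the task would reject such an edit before it is written. sshd keeps the first value it reads for each keyword, while `lineinfile` replaces only the last line matching `regexp` and otherwise appends at end of file. An earlier duplicate, an included drop-in file, or a trailing `Match` block (none of which are visible here) could therefore leave a setting ineffective or conditional; checking the effective values with `sshd -T` after the run would confirm it. The task name still reads "Prohibit root SSH with password" although it now sets four options, so a name such as `Harden sshd_config options` would describe it better.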