Merge branch 'debsums_security' into 'master'
Configure SSH and add debsums See merge request aurore/ansible!25
This commit is contained in:
Alexandre IOOSS
commit
2b79f9117e
1 changed files with 16 additions and 3 deletions
|
|
@ -28,9 +28,14 @@
|
|||
- name: Prohibit root SSH with password
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: '^PermitRootLogin'
|
||||
insertafter: '^#PermitRootLogin'
|
||||
line: 'PermitRootLogin prohibit-password'
|
||||
regexp: '^{{ item.0 }}'
|
||||
insertafter: '^#{{ item.0 }}'
|
||||
line: '{{ item.0 }} {{ item.1 }}'
|
||||
loop:
|
||||
- ["PermitRootLogin", "prohibit-password"]
|
||||
- ["AllowAgentForwarding", "no"]
|
||||
- ["X11Forwarding", "no"]
|
||||
- ["TCPKeepAlive", "no"]
|
||||
notify: Restart sshd service
|
||||
|
||||
# See banned client with `fail2ban-client status sshd`
|
||||
|
|
@ -47,3 +52,11 @@
|
|||
dest: /etc/fail2ban/jail.d/local.conf
|
||||
mode: 0644
|
||||
notify: Restart fail2ban service
|
||||
|
||||
# See altered packages and configurations with `debsums -ca`
|
||||
- name: Install debsums
|
||||
apt:
|
||||
name: debsums
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
|
|
|||
Loading…
Reference in a new issue