Merge branch 'debsums_security' into 'master'

Configure SSH and add debsums

See merge request aurore/ansible!25
This commit is contained in:
Alexandre IOOSS 2019-03-16 22:09:40 +01:00
commit 2b79f9117e

View file

@ -28,9 +28,14 @@
- name: Prohibit root SSH with password
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
insertafter: '^#PermitRootLogin'
line: 'PermitRootLogin prohibit-password'
regexp: '^{{ item.0 }}'
insertafter: '^#{{ item.0 }}'
line: '{{ item.0 }} {{ item.1 }}'
loop:
- ["PermitRootLogin", "prohibit-password"]
- ["AllowAgentForwarding", "no"]
- ["X11Forwarding", "no"]
- ["TCPKeepAlive", "no"]
notify: Restart sshd service
# See banned client with `fail2ban-client status sshd`
@ -47,3 +52,11 @@
dest: /etc/fail2ban/jail.d/local.conf
mode: 0644
notify: Restart fail2ban service
# See altered packages and configurations with `debsums -ca`
- name: Install debsums
apt:
name: debsums
register: apt_result
retries: 3
until: apt_result is succeeded