hardnening-root playbook

2023-10-13 09:08:54 +02:00 · 2023-10-13 09:08:54 +02:00 · b18bc4ab1f
parent 20303d37f0
commit b18bc4ab1f
2 changed files with 37 additions and 0 deletions
--- a/linux/base-config-debian/roles/hardnening-config-root-user/handlers/main.yaml
+++ b/linux/base-config-debian/roles/hardnening-config-root-user/handlers/main.yaml
@ -0,0 +1,5 @@
+# restart ssh service to apply changes
+- name: Restart ssh service
+  service:
+    name: ssh
+    state: reloaded
--- a/linux/base-config-debian/roles/hardnening-config-root-user/tasks/main.yaml
+++ b/linux/base-config-debian/roles/hardnening-config-root-user/tasks/main.yaml
@ -0,0 +1,32 @@
+---
+
+# delete default user , only on VM
+- name: delete default user , only on VM
+  user:
+    name: "{{ name_user }}"
+    state: absent
+    remove: yes
+  tags:
+  - delete-user
+
+# change root password
+- name: change root password
+  user:
+    name: root
+    password: "{{ ssh_password | password_hash('sha512') }}"
+
+# config sshd_config file , no root password
+- name: change sshd_config to no root password
+  copy:
+    src: /etc/ssh/sshd_config.orig
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: '0644'
+
+# delete file sshd_config.orig
+- name: delete /etc/ssh/sshd_config.orig file
+  file:
+    path: /etc/ssh/sshd_config.orig
+    state: absent
+  notify: Restart ssh service