From b18bc4ab1fed847433d2c5ca7427f3e5e92d6c22 Mon Sep 17 00:00:00 2001
From: rubenb
Date: Fri, 13 Oct 2023 09:08:54 +0200
Subject: [PATCH] hardnening-root playbook
---
.../handlers/main.yaml | 5 +++
.../tasks/main.yaml | 32 +++++++++++++++++++
2 files changed, 37 insertions(+)
create mode 100644 linux/base-config-debian/roles/hardnening-config-root-user/handlers/main.yaml
create mode 100644 linux/base-config-debian/roles/hardnening-config-root-user/tasks/main.yaml
diff --git a/linux/base-config-debian/roles/hardnening-config-root-user/handlers/main.yaml b/linux/base-config-debian/roles/hardnening-config-root-user/handlers/main.yaml
new file mode 100644
index 0000000..e06e889
--- /dev/null
+++ b/linux/base-config-debian/roles/hardnening-config-root-user/handlers/main.yaml
@@ -0,0 +1,5 @@
+# restart ssh service to apply changes
+- name: Restart ssh service
+ service:
+ name: ssh
+ state: reloaded
\ No newline at end of file
diff --git a/linux/base-config-debian/roles/hardnening-config-root-user/tasks/main.yaml b/linux/base-config-debian/roles/hardnening-config-root-user/tasks/main.yaml
new file mode 100644
index 0000000..fcee0fc
--- /dev/null
+++ b/linux/base-config-debian/roles/hardnening-config-root-user/tasks/main.yaml
@@ -0,0 +1,32 @@
+---
+
+# delete default user , only on VM
+- name: delete default user , only on VM
+ user:
+ name: "{{ name_user }}"
+ state: absent
+ remove: yes
+ tags:
+ - delete-user
+
+# change root password
+- name: change root password
+ user:
+ name: root
+ password: "{{ ssh_password | password_hash('sha512') }}"
+
+# config sshd_config file , no root password
+- name: change sshd_config to no root password
+ copy:
+ src: /etc/ssh/sshd_config.orig
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: '0644'
+
+# delete file sshd_config.orig
+- name: delete /etc/ssh/sshd_config.orig file
+ file:
+ path: /etc/ssh/sshd_config.orig
+ state: absent
+ notify: Restart ssh service
\ No newline at end of file
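Review bot: The handler in handlers/main.yaml is named `Restart ssh service` but runs `state: reloaded`, so the name and the leading comment misdescribe what happens. A reload is sufficient for sshd to re-read its configuration, so the state looks right and the wording is what should change, for example `- name: Reload ssh service` with the comment `# reload ssh service to apply changes`. The `notify:` string in tasks/main.yaml must be renamed in the same commit, because handlers are matched by name.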
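Review bot: The `copy` task that installs `/etc/ssh/sshd_config` has no `remote_src`, so Ansible reads `/etc/ssh/sshd_config.orig` from the control node, while the next task deletes that path on the managed host. If the file is meant to be the host's own copy, add `remote_src: true`. This task is also the one that changes sshd's configuration, yet `notify: Restart ssh service` sits on the delete task; move the notify to the copy task and add `validate: /usr/sbin/sshd -t -f %s` so a broken file is rejected before the reload. Nothing in the commit shows which `PermitRootLogin` or `PasswordAuthentication` values the `.orig` file carries, so the hardening depends on a file outside the role and would be easier to review if the directives were set explicitly. Separately, `password_hash('sha512')` without a salt argument produces a different hash on each run, so the root password task will report changed every time.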