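---
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# delete default user , only on VM
# remove: true also deletes the account's home directory and mail spool.
# NOTE(review): the task carries no `when:` condition; the "only on VM"
# restriction has to be enforced by the caller (inventory or the
# delete-user tag) - confirm.
- name: delete default user , only on VM
  user:
    name: "{{ name_user }}"
    state: absent
    remove: true
  tags:
    - delete-user
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# change root password
# no_log keeps this task's arguments and result out of Ansible output and logs.
# password_hash() is called without a salt, so a new salt (and hash) is
# generated on every run and the task reports "changed" each time.
# NOTE(review): ssh_password is defined outside this file - presumably it is
# supplied from Ansible Vault or a secret store rather than plain vars; confirm.
- name: change root password
  user:
    name: root
    password: "{{ ssh_password | password_hash('sha512') }}"
  no_log: true
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# delete root ssh pub key in Authorized_keys
# state: absent removes the whole file at root_authorized_keys, not one key.
# NOTE(review): with the keys removed and a password set above, root is left
# with password authentication only; whether sshd accepts it depends on the
# PermitRootLogin setting already on the host - confirm this is intended.
- name: delete ssh pub key in /root/.ssh/authorized_keys
  file:
    path: "{{ root_authorized_keys }}"
    state: absent
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# config sshd_config file , no root password
# Disabled task. As written it would replace "PermitRootLogin yes" with a
# commented-out directive, which leaves sshd on its built-in default.
#- name: change sshd_config to no root password
#  lineinfile:
#    path: "{{ path_sshd_config_file }}"
#    regexp: "PermitRootLogin yes"
#    line: "#PermitRootLogin prohibit-password"
#    state: present
#  notify: Restart ssh service
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# service should start on boot.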
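# Enables the SSH daemon unit named by ssh_daemon at boot; it does not start
# or restart the service in this run.
- name: service should start on boot
  service:
    name: "{{ ssh_daemon }}"
    enabled: true
# Disabled tasks: copy a prepared sshd_config into place, then delete the
# source copy and restart ssh.
#- name: change sshd_config to no root password
#  copy:
#    src: "{{ source_path_ssh }}"
#    dest: "{{ dest_path_ssh }}"
#    remote_src: yes
#    owner: root
#    group: root
#    mode: '0644'
# delete file sshd_config.orig
#- name: delete /etc/ssh/sshd_config.orig file
#  file:
#    path: "{{ source_path_ssh }}"
#    state: absent
#  notify: Restart ssh service
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# changes .BASHRC file of root user
# step1 - uncomment lines
# Each item replaces a commented-out line in root's .bashrc with the value of
# the matching variable.
# "$" is escaped in the patterns below: unescaped it is the regex end-of-line
# anchor, so "ls $LS_OPTIONS" could never match and lineinfile would append
# the new line at the end of the file instead of replacing the commented one.
# The last pattern is anchored with "^" like the other four.
- name: uncomment this lines
  lineinfile:
    dest: "{{ path_bashrc_root }}"
    regexp: "{{item.regexp}}"
    line: "{{item.line}}"
    state: present
  with_items:
    - regexp: "^# export LS_OPTIONS"
      line: "{{ export_LS_OPTIONS }}"
    - regexp: "^# eval"
      line: "{{ eval_dircolors }}"
    - regexp: "^# alias ls='ls \\$LS_OPTIONS'"
      line: "{{ alias_ls }}"
    - regexp: "^# alias ll='ls \\$LS_OPTIONS -l'"
      line: "{{ alias_ll }}"
    - regexp: "^# alias la='ls \\$LS_OPTIONS -la'"
      line: "{{ alias_la }}"
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# step2 - add block lines
# Appends a managed block to root's .bashrc: larger shell history, an idle
# timeout, an xterm title prompt and bash completion.
# TMOUT=3600 ends an idle interactive root shell after one hour. It is a plain
# assignment, not readonly, so a session can still unset it.
# NOTE(review): the block sources /etc/profile.d/bash_completion.sh
# unconditionally; if that file is absent every new root shell prints an
# error - confirm the package is installed on all targets.
- name: add block lines
  blockinfile:
    path: "{{ path_bashrc_root }}"
    block: |
      ### 4Loooong memories
      HISTSIZE=10000
      HISTFILESIZE=20000
      ### 4security
      TMOUT=3600
      ### write auto label
      # If this is an xterm set the title to user@host:dir
      case "$TERM" in
      xterm*|rxvt*)
          PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
          ;;
      *)
          ;;
      esac
      source /etc/profile.d/bash_completion.sh
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++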