103 lines
3.3 KiB
YAML
103 lines
3.3 KiB
YAML
---
|
|
|
|
- name: "[CONFIG ROOT USER] Comprobando si es necesario configurar SSH root user"
|
|
meta: end_host
|
|
when: root_user_enabled is not defined or not root_user_enabled
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# delete default user , only on VM
|
|
- name: delete default user , only on VM
|
|
user:
|
|
name: "{{ name_user }}"
|
|
state: absent
|
|
remove: yes
|
|
# tags:
|
|
# - delete-user
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# change root password
|
|
- name: change root password
|
|
user:
|
|
name: root
|
|
password: "{{ ssh_password | password_hash('sha512') }}"
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# DISABLE to MAINTAIN AUTHORIZED KEYS FILE
|
|
# delete root ssh pub key in Authorized_keys
|
|
#- name: delete ssh pub key in /root/.ssh/authorized_keys
|
|
# file:
|
|
# path: "{{ root_authorized_keys }}"
|
|
# state: absent
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# config sshd_config file , no root password
|
|
#- name: change sshd_config to no root password
|
|
# lineinfile:
|
|
# path: "{{ path_sshd_config_file }}"
|
|
# regexp: "PermitRootLogin yes"
|
|
# line: "#PermitRootLogin prohibit-password"
|
|
# state: present
|
|
# notify: Restart ssh service
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# service should start on boot.
|
|
- name: service should start on boot
|
|
service:
|
|
name: "{{ ssh_daemon }}"
|
|
enabled: yes
|
|
#- name: change sshd_config to no root password
|
|
# copy:
|
|
# src: "{{ source_path_ssh }}"
|
|
# dest: "{{ dest_path_ssh }}"
|
|
# remote_src: yes
|
|
# owner: root
|
|
# group: root
|
|
# mode: '0644'
|
|
# delete file sshd_config.orig
|
|
#- name: delete /etc/ssh/sshd_config.orig file
|
|
# file:
|
|
# path: "{{ source_path_ssh }}"
|
|
# state: absent
|
|
# notify: Restart ssh service
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# changes .BASHRC file of root user
|
|
# step1 - uncomment lines
|
|
- name: uncomment this lines
|
|
lineinfile:
|
|
dest: "{{ path_bashrc_root }}"
|
|
regexp: "{{item.regexp}}"
|
|
line: "{{item.line}}"
|
|
state: present
|
|
with_items:
|
|
- regexp: "^# export LS_OPTIONS"
|
|
line: "{{ export_LS_OPTIONS }}"
|
|
- regexp: "^# eval"
|
|
line: "{{ eval_dircolors }}"
|
|
- regexp: "^# alias ls='ls $LS_OPTIONS'"
|
|
line: "{{ alias_ls }}"
|
|
- regexp: "^# alias ll='ls $LS_OPTIONS -l'"
|
|
line: "{{ alias_ll }}"
|
|
- regexp: "# alias la='ls $LS_OPTIONS -la'"
|
|
line: "{{ alias_la }}"
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# step2 - add block lines
|
|
- name: add block lines
|
|
blockinfile:
|
|
path: "{{ path_bashrc_root }}"
|
|
block: |
|
|
### 4Loooong memories
|
|
HISTSIZE=10000
|
|
HISTFILESIZE=20000
|
|
### 4security
|
|
TMOUT=3600
|
|
### write auto label
|
|
# If this is an xterm set the title to user@host:dir
|
|
case "$TERM" in
|
|
xterm*|rxvt*)
|
|
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
|
|
;;
|
|
*)
|
|
;;
|
|
esac
|
|
source /etc/profile.d/bash_completion.sh
|
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |