Inicio Explorar Ayuda
Iniciar sesión
ffdo-infrastruktur
/
ffdo-ansible
espejo de https://github.com/ffdo/ffdo-ansible.git
5
0
Fork 0
Archivos
Árbol: c02a1bf88c
Ramas Etiquetas
ffdo-ansible
/
roles
/
authentication
/
tasks
/
main.yml

main.yml 786 B
Histórico Raw

123456789101112131415161718192021222324252627282930 
  1. ---
    2. 

  2. # tasks file for ffdo.authentication
    3. 

  3. 

  4. - name: Ensure sudo is installed
    5. 

  5.   apt: name=sudo state=present update_cache=yes cache_valid_time=3600
    6. 

  6. 

  7. - name: Disable password based sudo for users in group sudo and enable password less sudo
    8. 

  8.   lineinfile:
    9. 

  9.     dest: "/etc/sudoers"
    10. 

  10.     regexp: '^%sudo'
    11. 

  11.     line: "%sudo ALL=(ALL) NOPASSWD: ALL"
    12. 

  12.     validate: 'visudo -cf %s'
    13. 

  13. 

  14. - name: Update SSH configuration
    15. 

  15.   replace: >
    16. 

  16.     dest=/etc/ssh/sshd_config
    17. 

  17.     regexp="^([\#\s]*)?{{item.key}}\s+([\w_-]+)"
    18. 

  18.     replace="{{item.key}} {{item.value}}"
    19. 

  19.     backup=yes
    20. 

  20.   with_items:
    21. 

  21.   - key: PermitRootLogin
    22. 

  22.     value: without-password
    23. 

  23.   - key: PasswordAuthentication
    24. 

  24.     value: 'no'
    25. 

  25.   - key: ChallengeResponseAuthentication
    26. 

  26.     value: 'no'
    27. 

  27.   - key: PrintLastLog
    28. 

  28.     value: 'no'
    29. 

  29.   notify:
    30. 

  30.   - reload ssh
    31.