separated out an SSH hardening task as part of refactor
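--- a/roles/init-server/tasks/harden.yml
+++ b/roles/init-server/tasks/harden.yml
@@ -0,0 +1,18 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for roles/init-vps
+- name: Checking whether administrative login used
+when: ansible_user not in (admins | map(attribute="username") | list)
+ansible.builtin.fail:
+msg: Must use administrative user for subsequent tasks
+- name: Hardening SSH service for the Linode VPS
+ansible.builtin.copy:
+src: sshd_config.d/harden.conf
+dest: /etc/ssh/sshd_config.d/harden.conf
+owner: root
+group: root
+mode: "644"
+force: true
+backup: true
+validate: "sshd -t %s"
+register: ssh_hardened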
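Review bot: The `validate: "sshd -t %s"` line on the copy task passes the temporary file as a bare operand, but sshd takes its configuration path through `-f`, so this check is likely to fail on the extra argument and the hardening drop-in would then never be installed. I would change it to `validate: "/usr/sbin/sshd -t -f %s"` (binary path assumed; confirm for the target distribution). Even then the check parses only the snippet on its own, not the merged configuration with the main `sshd_config` and the other drop-ins, so a conflicting or overriding directive elsewhere is not caught. The task registers `ssh_hardened`, but no reload of the SSH service is visible in this file, so confirm that a later task or handler consumes it; otherwise the new settings do not take effect until the next restart. The header comment says `roles/init-vps` while the file lives under `roles/init-server`, which looks like a leftover from the refactor.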