41 lines
1.2 KiB
YAML
41 lines
1.2 KiB
YAML
#SPDX-License-Identifier: MIT-0
|
|
---
|
|
# tasks file for roles/init-vps
|
|
# @TODO complete below tasks
|
|
- name: Checking whether administrative login used
|
|
when: ansible_facts["user_id"] not in (admins | map(attribute="username") | list)
|
|
ansible.builtin.fail:
|
|
msg: Administrative user does not exist on managed node
|
|
- name: Prohibiting SSH root login
|
|
when: harden
|
|
become: true
|
|
ansible.builtin.copy:
|
|
src: sshd_config.d/denyroot.conf
|
|
dest: /etc/ssh/sshd_config.d/denyroot.conf
|
|
owner: root
|
|
group: root
|
|
mode: "644"
|
|
force: true
|
|
backup: true
|
|
validate: "sshd -t %s"
|
|
- name: Create groups for FTP services
|
|
when: "'internal-sftp' in item.service or 'proftpd' in item.service or 'vsftpd' in item.service"
|
|
become: true
|
|
ansible.builtin.group:
|
|
name: "{{ item.username }}"
|
|
system: true
|
|
state: present
|
|
loop: "{{ sys_users }}"
|
|
register: ftp_groups
|
|
- name: Configuring SFTP for FTP group
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: sshd_config.d/sftp.conf.j2
|
|
dest: /etc/ssh/sshd_config.d/sftp.conf
|
|
owner: root
|
|
group: root
|
|
mode: "644"
|
|
force: true
|
|
backup: true
|
|
validate: "sshd -t %s"
|
|
register: configured_sftp |