5bbc551106
- Reorganized Ansible project structure to follow best practices. - Created dedicated directories: , , , , and . - Categorized playbooks into (host-specific) and (service-specific). - Moved all roles into the directory and standardized their naming conventions. - Relocated to for better variable management. - Renamed to to reflect its global variable scope. - Created to correctly set the to the new directory. - Moved and into the directory. - Added to providing explanations for common commands. - Cleaned up directories from all individual roles to centralize version control.
35 lines
1.3 KiB
YAML
35 lines
1.3 KiB
YAML
---
|
|
- name: Ensure SSH daemon is running.
|
|
service:
|
|
name: "{{ security_sshd_name }}"
|
|
state: "{{ security_sshd_state }}"
|
|
|
|
- name: Update SSH configuration to be more secure.
|
|
lineinfile:
|
|
dest: "{{ security_ssh_config_path }}"
|
|
regexp: "{{ item.regexp }}"
|
|
line: "{{ item.line }}"
|
|
state: present
|
|
validate: "sshd -T -f %s"
|
|
mode: 0644
|
|
with_items:
|
|
- regexp: "^PasswordAuthentication"
|
|
line: "PasswordAuthentication {{ security_ssh_password_authentication }}"
|
|
- regexp: "^PermitRootLogin"
|
|
line: "PermitRootLogin {{ security_ssh_permit_root_login }}"
|
|
- regexp: "^Port"
|
|
line: "Port {{ security_ssh_port }}"
|
|
- regexp: "^UseDNS"
|
|
line: "UseDNS {{ security_ssh_usedns }}"
|
|
- regexp: "^PermitEmptyPasswords"
|
|
line: "PermitEmptyPasswords {{ security_ssh_permit_empty_password }}"
|
|
- regexp: "^ChallengeResponseAuthentication"
|
|
line: "ChallengeResponseAuthentication {{ security_ssh_challenge_response_auth }}"
|
|
- regexp: "^GSSAPIAuthentication"
|
|
line: "GSSAPIAuthentication {{ security_ssh_gss_api_authentication }}"
|
|
- regexp: "^X11Forwarding"
|
|
line: "X11Forwarding {{ security_ssh_x11_forwarding }}"
|
|
#- regexp: "^ListenAddress"
|
|
# line: "ListenAddress {{ ip_admin }}"
|
|
notify: restart ssh
|