Harden SSH daemon
This commit is contained in:
parent
71a2f9269d
commit
e32ed85d11
3 changed files with 38 additions and 0 deletions
|
@ -1 +1,6 @@
|
||||||
---
|
---
|
||||||
|
- name: common | Restart SSH daemon
|
||||||
|
systemd:
|
||||||
|
daemon_reload: true
|
||||||
|
name: sshd
|
||||||
|
state: restarted
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
---
|
---
|
||||||
- include_tasks: usability.yml
|
- include_tasks: usability.yml
|
||||||
|
- include_tasks: ssh.yml
|
||||||
|
|
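--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@@ -0,0 +1,32 @@
+---
+- name: Harden SSH daemon
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '{{ item.regexp }}'
+    line: '{{ item.line }}'
+  notify: common | Restart SSH daemon
+  with_items:
+    - regexp: '^#?AcceptEnv '
+      line: 'AcceptEnv LANG LC_*'
+    - regexp: '^#?PermitUserEnvironment '
+      line: 'PermitUserEnvironment no'
+    - regexp: '^#?PermitRootLogin '
+      line: 'PermitRootLogin no'
+    - regexp: '^#?MaxAuthTries '
+      line: 'MaxAuthTries 2'
+    - regexp: '^#?MaxSessions '
+      line: 'MaxSessions 5'
+    - regexp: '^#?PasswordAuthentication '
+      line: 'PasswordAuthentication no'
+    - regexp: '^#?ChallengeResponseAuthentication '
+      line: 'ChallengeResponseAuthentication no'
+    - regexp: '^#?AllowAgentForwarding '
+      line: 'AllowAgentForwarding no'
+    - regexp: '^#?AllowTcpForwarding '
+      line: 'AllowTcpForwarding no'
+    - regexp: '^#?X11Forwarding '
+      line: 'X11Forwarding no'
+    - regexp: '^#?TCPKeepAlive '
+      line: 'TCPKeepAlive no'
+    - regexp: '^#?UseDNS '
+      line: 'UseDNS no'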
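Review bot: The `lineinfile` task at the top of this file edits `/etc/ssh/sshd_config` with no `validate`, so a malformed directive is only discovered when the notified handler restarts sshd and the daemon fails to come back up, which on a remote host means lockout. Adding `validate: '/usr/sbin/sshd -t -f %s'` to the module arguments makes Ansible run sshd's own parser on each candidate file before it is installed. Two further points worth a comment in the file: on distributions whose sshd_config begins with `Include /etc/ssh/sshd_config.d/*.conf`, sshd keeps the first value it reads, so a drop-in such as a cloud-init file setting `PasswordAuthentication yes` would silently override these lines; and `MaxAuthTries 2` counts every key an agent offers, so a user with more than two keys loaded can be rejected before the right one is tried. `with_items` still works, but `loop:` is the current idiom for this task.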