Removed import of task meant to be done via non-root user with privilege escalation
		@@ -44,7 +44,7 @@
 | 
				
			|||||||
      loop: "{{ create_users[1:] }}"
 | 
					      loop: "{{ create_users[1:] }}"
 | 
				
			||||||
      tags:
 | 
					      tags:
 | 
				
			||||||
        - other_users
 | 
					        - other_users
 | 
				
			||||||
      register: created_user
 | 
					      register: created_users
 | 
				
			||||||
- name: Specify authorized SSH keys for users based on local public keys
 | 
					- name: Specify authorized SSH keys for users based on local public keys
 | 
				
			||||||
  when: not files_mode and ansible_facts["user_id"] == "root"
 | 
					  when: not files_mode and ansible_facts["user_id"] == "root"
 | 
				
			||||||
  block:
 | 
					  block:
 | 
				
			||||||
@@ -87,7 +87,7 @@
 | 
				
			|||||||
      tags:
 | 
					      tags:
 | 
				
			||||||
        - other_users
 | 
					        - other_users
 | 
				
			||||||
        - others_ssh
 | 
					        - others_ssh
 | 
				
			||||||
      loop: "{{ created_user }}"
 | 
					      loop: "{{ created_users.results }}"
 | 
				
			||||||
      register: authorized_ssh_pubkeys
 | 
					      register: authorized_ssh_pubkeys
 | 
				
			||||||
- name: Specify authorized SSH keys for users
 | 
					- name: Specify authorized SSH keys for users
 | 
				
			||||||
  when: files_mode and ansible_facts["user_id"] == "root"
 | 
					  when: files_mode and ansible_facts["user_id"] == "root"
 | 
				
			||||||
@@ -118,7 +118,7 @@
 | 
				
			|||||||
      tags:
 | 
					      tags:
 | 
				
			||||||
        - other_users
 | 
					        - other_users
 | 
				
			||||||
        - others_ssh
 | 
					        - others_ssh
 | 
				
			||||||
      loop: "{{ created_user }}"
 | 
					      loop: "{{ created_users.results }}"
 | 
				
			||||||
      register: authorized_ssh_pubkeys
 | 
					      register: authorized_ssh_pubkeys
 | 
				
			||||||
- name: Lock down root SSH access
 | 
					- name: Lock down root SSH access
 | 
				
			||||||
  when: ansible_facts["user_id"] == "root"
 | 
					  when: ansible_facts["user_id"] == "root"
 | 
				
			||||||
@@ -154,7 +154,4 @@
 | 
				
			|||||||
  tags:
 | 
					  tags:
 | 
				
			||||||
    - default
 | 
					    - default
 | 
				
			||||||
    - deroot
 | 
					    - deroot
 | 
				
			||||||
  notify: "restart ssh"
 | 
					  notify: "restart ssh"
 | 
				
			||||||
- name: Import disabling of shell root by sys-admin user
 | 
					 | 
				
			||||||
  ansible.builtin.import_tasks:
 | 
					 | 
				
			||||||
    file: ./deshell.yml
 | 
					 | 
				
			||||||
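Review bot: After the last hunk the file ends at `notify: "restart ssh"` of the "Lock down root SSH access" task, and nothing on this page shows where `./deshell.yml` is run now that its import is gone, so a host provisioned through this file alone may keep a usable root shell. I would leave a comment where the import was, for example `# Root shell is disabled by deshell.yml, run separately as the sys-admin user with become (see <PLAYBOOK_PLACEHOLDER>)`, and confirm that the calling playbook really includes it. Separately, in the hunks at 87 and 118 the loops now iterate `created_users.results`, so each `item` is a task result rather than a user entry. The task bodies lie outside the visible hunks, so check that they read the user through `item.item` and handle results where the user task was skipped.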