Added bootstrap role with the tasks, defaults and handlers necessary for the playbooks
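--- a/roles/bootstrap/tasks/denyroot.yml
+++ b/roles/bootstrap/tasks/denyroot.yml
@@ -0,0 +1,34 @@
+---
+- name: Disable shell session root login
+user:
+name: "{{ item.username }}"
+shell: /sbin/nologin
+loop: "{{ roots }}"
+register: root_deshelled
+when: nonlogin_method == 'deshell'
+tags: ['default', 'root_deshelling']
+- name: Lock the root account
+user:
+name: "{{ item.username }}"
+password_lock: yes
+loop: "{{ roots }}"
+register: root_locked
+when: nonlogin_method == 'lock' or nonlogin_method == 'all'
+tags: ['default', 'root_locking']
+- name: Disable root account password
+user:
+name: "{{ item.username }}"
+password: "*"
+loop: "{{ roots }}"
+register: root_closed
+when: nonlogin_method == 'close'
+tags: ['default', 'root_closing']
+- name: Disable root account password and shell login
+user:
+name: "{{ item.username }}"
+password: "*"
+shell: /sbin/nologin
+loop: "{{ roots }}"
+register: root_delogged
+when: nonlogin_method == 'delog' or nonlogin_method == 'all'
+tags: ['default', 'root_locking']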
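Review bot: Nothing in this file checks `nonlogin_method` against the values the four `when:` conditions expect, so a misspelled or unexpected value skips every task and the play finishes green with root login unchanged; an `ansible.builtin.assert` as the first task with `that: nonlogin_method in ['deshell', 'lock', 'close', 'delog', 'all']` would make that case fail closed. The last task, "Disable root account password and shell login", reuses `tags: ['default', 'root_locking']` from the "Lock the root account" task, which looks like a copy-paste; a distinct tag such as `root_delogging` would keep tag selection unambiguous. The `lock` and `close` methods only touch the password field, which does not by itself stop key-based SSH logins as root, so unless sshd is configured elsewhere in the role (not visible here) these tasks should be paired with `PermitRootLogin no`. As a style point, `password_lock: yes` is better written `password_lock: true`.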