xoxys.sshd/tasks/ssh_univention.yml
Robert Kaussow 363ee36566
All checks were successful
continuous-integration/drone/push Build is passing
feat: add test for Rocky Linux 8 (#1)
Co-authored-by: Robert Kaussow <xoxys@rknet.org>
Co-committed-by: Robert Kaussow <xoxys@rknet.org>
2022-01-26 21:02:28 +01:00

50 lines
1.8 KiB
YAML

---
- block:
- name: Hardening sshd config
ucr:
path: "{{ item.path }}"
value: "{{ item.value }}"
loop:
- path: sshd/permitroot
value: "{{ sshd_permit_root_login | default('') }}"
- path: sshd/PermitEmptyPasswords
value: "{{ sshd_permit_empty_passwords | default('') }}"
- path: sshd/permitroot
value: "{{ sshd_permit_root_login | default('') }}"
- path: sshd/passwordauthentication
value: "{{ sshd_password_authentication | default('') }}"
- path: sshd/challengeresponse
value: "{{ sshd_password_authentication | default('') }}"
- path: sshd/IgnoreRhosts
value: "{{ sshd_ignore_rhosts | default('') }}"
- path: sshd/HostbasedAuthentication
value: "{{ sshd_hostbased_authentication | default('') }}"
- path: sshd/ClientAliveInterval
value: "{{ sshd_client_alive_interval | default('') }}"
- path: sshd/ClientAliveCountMax
value: "{{ sshd_client_alive_count_max | default('') }}"
- path: sshd/Ciphers
value: "{{ sshd_ciphers | default('[]') | join(',') }}"
- path: sshd/KexAlgorithms
value: "{{ sshd_kex | default('[]') | join(',') }}"
- path: sshd/MACs
value: "{{ sshd_macs | default('[]') | join(',') }}"
loop_control:
label: "variable: {{ item.path }}={{ item.value }}"
notify: __sshd_restart
- name: Set allowed ssh groups
ucr:
path: "auth/sshd/group/{{ item }}"
value: "yes"
loop: "{{ sshd_allow_groups }}"
- name: Create SSH Usergroup
group:
name: "{{ item }}"
system: "yes"
state: present
loop: "{{ sshd_allow_groups }}"
become: True
become_user: root