-
-
Notifications
You must be signed in to change notification settings - Fork 20
/
local.yml
45 lines (42 loc) · 1.22 KB
/
local.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
---
- name: Checkout and configure konstruktoid.hardening
hosts: localhost
any_errors_fatal: true
tasks:
- name: Clone hardening repository
become: true
tags:
- always
block:
- name: Install git
ansible.builtin.package:
name: git
state: present
- name: Checkout konstruktoid.hardening
become: true
ansible.builtin.git:
repo: https://github.com/konstruktoid/ansible-role-hardening
dest: /etc/ansible/roles/konstruktoid.hardening
version: v2.1.1
- name: Remove git
ansible.builtin.package:
name: git
state: absent
- name: Include the hardening role
ansible.builtin.include_role:
name: konstruktoid.hardening
vars:
auditd_apply_audit_rules: false
manage_aide: false
manage_ufw: false
sshd_allow_groups:
- sudo
- ubuntu
sshd_allow_users: []
sshd_login_grace_time: 60
sshd_max_auth_tries: 10
sshd_password_authentication: true
sshd_permit_root_login: false
suid_sgid_permissions: false
sshd_update_moduli: true
sshd_use_dns: false