ansible-test/roles/linux/base/tasks/main.yml

---
# base config
- name: basic tools
  package:
    state: present
    name: htop

# cloud-init
- name: stop cloud-init
  service:
    name: cloud-init
    state: stopped

- name: disable cloud-init
  service:
    name: cloud-init
    enabled: false

# legal
- name: copy SSH disclaimer
  copy:
    src: files/issue.net
    dest: /etc/issue.net
    mode: u=rw,g=r,o=r
    owner: root
    group: root
  notify: restart sshd

- name: set SSH Banner
  lineinfile:
    path: /etc/ssh/sshd_config
    line: Banner /etc/issue.net
    regexp: \#?Banner.*
    state: present
  notify: restart sshd

- name: link local banner to SSH banner
  file:
    src: /etc/issue.net
    path: /etc/issue
    state: hard
    force: yes

- include_tasks: hardening.yml
base und sysupgrade role, some hardening 2021-06-13 00:15:16 +02:00			`---`
			`# base config`
			`- name: basic tools`
			`package:`
			`state: present`
			`name: htop`

			`# cloud-init`
			`- name: stop cloud-init`
			`service:`
			`name: cloud-init`
			`state: stopped`

			`- name: disable cloud-init`
			`service:`
			`name: cloud-init`
			`enabled: false`

			`# legal`
			`- name: copy SSH disclaimer`
			`copy:`
			`src: files/issue.net`
			`dest: /etc/issue.net`
			`mode: u=rw,g=r,o=r`
			`owner: root`
			`group: root`
			`notify: restart sshd`

			`- name: set SSH Banner`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`line: Banner /etc/issue.net`
			`regexp: \#?Banner.*`
			`state: present`
			`notify: restart sshd`

			`- name: link local banner to SSH banner`
			`file:`
			`src: /etc/issue.net`
			`path: /etc/issue`
			`state: hard`
			`force: yes`

			`- include_tasks: hardening.yml`