45 lines
748 B
YAML
45 lines
748 B
YAML
---
|
|
# base config
|
|
- name: basic tools
|
|
package:
|
|
state: present
|
|
name: htop
|
|
|
|
# cloud-init
|
|
- name: stop cloud-init
|
|
service:
|
|
name: cloud-init
|
|
state: stopped
|
|
|
|
- name: disable cloud-init
|
|
service:
|
|
name: cloud-init
|
|
enabled: false
|
|
|
|
# legal
|
|
- name: copy SSH disclaimer
|
|
copy:
|
|
src: files/issue.net
|
|
dest: /etc/issue.net
|
|
mode: u=rw,g=r,o=r
|
|
owner: root
|
|
group: root
|
|
notify: restart sshd
|
|
|
|
- name: set SSH Banner
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
line: Banner /etc/issue.net
|
|
regexp: \#?Banner.*
|
|
state: present
|
|
notify: restart sshd
|
|
|
|
- name: link local banner to SSH banner
|
|
file:
|
|
src: /etc/issue.net
|
|
path: /etc/issue
|
|
state: hard
|
|
force: yes
|
|
|
|
- include_tasks: hardening.yml
|