update
This commit is contained in:
havelight-ee
@@ -1,9 +1,6 @@
|
||||
---
|
||||
- include: login_defs.yml
|
||||
tags: login_defs
|
||||
|
||||
- include: pam.yml
|
||||
tags: pam
|
||||
- pause:
|
||||
seconds: "{{ pause_time }}"
|
||||
|
||||
- include: sshd_config.yml
|
||||
tags: sshd_config
|
||||
@@ -11,14 +8,5 @@
|
||||
- include: sudoers.yml
|
||||
tags: sudoers
|
||||
|
||||
- include: profile.yml
|
||||
tags: profile
|
||||
|
||||
- include: banner.yml
|
||||
tags: banner
|
||||
|
||||
- include: crictl.yml
|
||||
tags: crictl
|
||||
|
||||
- include: admin_set.yml
|
||||
tags: admin_set
|
||||
|
||||
@@ -1,4 +1,15 @@
|
||||
---
|
||||
- name: Get all ssh sessions
|
||||
shell: ps -ef | grep sshd | grep -v root | grep -v "{{ ansible_user }}" | awk '{print $2}'
|
||||
register: ssh_sessions
|
||||
ignore_errors: true
|
||||
|
||||
- name: Terminate ssh sessions
|
||||
shell: kill -9 {{ item }}
|
||||
with_items: "{{ ssh_sessions.stdout_lines }}"
|
||||
when: ssh_sessions is defined
|
||||
ignore_errors: true
|
||||
|
||||
- name: "Create devops group"
|
||||
ansible.builtin.group:
|
||||
name: "devops"
|
||||
@@ -28,10 +39,9 @@
|
||||
with_items: "{{ admin_users }}"
|
||||
when:
|
||||
- item.name is defined
|
||||
- item.key is defined
|
||||
ignore_errors: true
|
||||
|
||||
- name: user change
|
||||
- name: "admin user password change"
|
||||
user:
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ password | password_hash('sha512') }}"
|
||||
@@ -39,10 +49,9 @@
|
||||
with_items: "{{ admin_users }}"
|
||||
when:
|
||||
- item.name is defined
|
||||
- item.key is defined
|
||||
ignore_errors: true
|
||||
|
||||
- name: key add
|
||||
- name: "Add admin user key"
|
||||
authorized_key:
|
||||
user: "{{ item.name }}"
|
||||
state: present
|
||||
@@ -51,6 +60,7 @@
|
||||
when:
|
||||
- item.name is defined
|
||||
- item.key is defined
|
||||
- common_user == True
|
||||
ignore_errors: true
|
||||
|
||||
|
||||
@@ -64,10 +74,10 @@
|
||||
with_items: "{{ allow_users }}"
|
||||
when:
|
||||
- item.name is defined
|
||||
- item.key is defined
|
||||
- common_user == True
|
||||
ignore_errors: true
|
||||
|
||||
- name: user change
|
||||
- name: "Change common user password change"
|
||||
user:
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ password | password_hash('sha512') }}"
|
||||
@@ -75,10 +85,10 @@
|
||||
with_items: "{{ allow_users }}"
|
||||
when:
|
||||
- item.name is defined
|
||||
- item.key is defined
|
||||
- common_user == True
|
||||
ignore_errors: true
|
||||
|
||||
- name: key add
|
||||
- name: "Add common user key"
|
||||
authorized_key:
|
||||
user: "{{ item.name }}"
|
||||
state: present
|
||||
@@ -87,9 +97,11 @@
|
||||
when:
|
||||
- item.name is defined
|
||||
- item.key is defined
|
||||
- common_user == True
|
||||
ignore_errors: true
|
||||
|
||||
- name: "Setting sudoers allow users"
|
||||
template:
|
||||
src: sudoers_users.j2
|
||||
dest: "/etc/sudoers.d/sudoers_users"
|
||||
ignore_errors: true
|
||||
|
||||
Reference in New Issue
Block a user