task 추가

ansible/server_settings/roles/security_settings/templates/banner.j2

@@ -0,0 +1,18 @@
+#!/bin/sh
+echo "-------------------------------------------------------------------------------\n"
+echo "    _╓g@DDKg╓_   \033[0;31m=╗╗╗╗,\033[0;0m     \033[0;34m,╗╗╗╗╤\033[0;0m    ,╔╗DDKg╔_        ╓g@DD╗╔_    ╓g@DD╗╔_"
+echo "  ╓D╝╙\`    \`╠╠H   \033[0;31m╙╠╠╠╠▒\033[0;0m   \033[0;34mÆ╬╬╬╬╩\033[0;0m  _j╠╙\`     1╠R     j╠R^   \`╙╠▒,j╠R^   \`╙╠▒,"
+echo " 1╠^      ,╠╝       \033[0;31m╝╠R\033[0;0m  \033[0;34m╓▓╬╬╬╝\033[0;0m   j╠H       1╠^     ╠╠         ╚╠H         ╚╠H"
+echo "j╠⌐      j╠Γ         \033[0;31m'\033[0;0m  \033[0;34mÆ╬╬╬╬╙\033[0;0m    ╠H      ╔╠R       ╠╠          ╠╠          ╠╠"
+echo "╠╠     ╒╠R            \033[0;34m╔╣╬╬╬\033[0;33m╬▒\033[0;0m    j╠H    _D╝\`        ╠╠          ╠╠          ╠╠"
+echo "'╠H   1╠^      ..   \033[0;34m,╣╬╬╬╣\033[0;33m╬╣╣▓┐\033[0;0m   ╠D   ╔╚╙       ╔_ ╠╠          ╠╠          ╠╠"
+echo " '╠▒╓░╙      _╔╔^  \033[0;34m¢╬╬╬╬╩\033[0;33m ╚╣╣╣╣▌\033[0;0m   ╚▒╓░╙       ╔░H  ╠╠          ╠╠          ╠╠"
+echo "   ⁿ╚╠K≥╔╔╔1▒╝^  \033[0;34m╒▓╬╬╬╩^\033[0;33m   \`╣╣╣╣▓╕\033[0;0m  \`╚╠▒g╔╔╔gD╝╙    ╠╠          ╠╠          ╠╠\n"
+echo "-------------------------------------------------------------------------------"
+echo ""
+echo "                             - 알              림 -                             "
+echo ""
+echo " 현재 접속하신 서버는 SaaS기술연구팀 개발 서버 입니다.                                       "
+echo " 인가되지 않은 사용자의 접근, 수정 등 행위 시 처벌을 받을 수 있습니다.                         "
+echo ""
+echo "-------------------------------------------------------------------------------"

ansible/server_settings/roles/security_settings/templates/common-auth.j2

@@ -0,0 +1,29 @@
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+auth    [success=1 default=ignore]      pam_unix.so nullok
+# here's the fallback if no module succeeds
+auth    requisite                       pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+auth    required                        pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+auth    optional                        pam_cap.so
+# end of pam-auth-update config
+
+## Add Ansible Playbook - Securtiy_Settings ##
+auth required pam_tally2.so onerr=fail even_deny_root deny=5 unlock_time=300

ansible/server_settings/roles/security_settings/templates/common-password.j2

@@ -0,0 +1,37 @@
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define the services to be
+# used to change user passwords.  The default is pam_unix.
+
+# Explanation of pam_unix options:
+#
+# The "sha512" option enables salted SHA512 passwords.  Without this option,
+# the default is Unix crypt.  Prior releases used the option "md5".
+#
+# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
+# login.defs.
+#
+# See the pam_unix manpage for other options.
+
+# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
+# To take advantage of this, it is recommended that you configure any
+# local modules either before or after the default block, and use
+# pam-auth-update to manage selection of other modules.  See
+# pam-auth-update(8) for details.
+
+# here are the per-package modules (the "Primary" block)
+password [success=1 default=ignore] pam_unix.so sha512
+# here's the fallback if no module succeeds
+password        requisite                       pam_deny.so
+# prime the stack with a positive return value if there isn't one already;
+# this avoids us returning an error just because nothing sets a success code
+# since the modules above will each just jump around
+password        required                        pam_permit.so
+# and here are more per-package modules (the "Additional" block)
+# end of pam-auth-update config
+password required pam_pwhistory.so remember=5
+
+## Add Ansible Playbook - Securtiy_Settings ##
+password requisite pam_pwquality.so retry={{ debian_retry }} minlen={{ debina_minlen }} lcredit={{ debian_lcredit }} ucredit={{ debian_ucredit }} dcredit={{ debian_dcredit }} ocredit={{ debian_ocredit }}

ansible/server_settings/roles/security_settings/templates/sysinfo.j2

@@ -0,0 +1,19 @@
+#!/bin/sh
+# pam_motd does not carry the environment
+[ -f /etc/default/locale ] && . /etc/default/locale
+export LANG
+cores=$(grep -c ^processor /proc/cpuinfo 2>/dev/null)
+[ "$cores" -eq "0" ] && cores=1
+threshold="${cores:-1}.0"
+if [ $(echo "`cut -f1 -d ' ' /proc/loadavg` < $threshold" | bc) -eq 1 ]; then
+    echo
+    echo -n "  System information as of "
+    /bin/date
+    echo
+    /usr/bin/landscape-sysinfo
+else
+    echo
+    echo " System information disabled due to load higher than $threshold"
+fi
+
+echo ""