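---
# PAM hardening tasks: login lockout (pam_tally2), password complexity
# (pam_pwquality), password history (pam_pwhistory) and SHA-512 hashing.
#
# NOTE(review): pam_tally2 was deprecated in Linux-PAM 1.4.0 and removed in
# 1.5.0 in favour of pam_faillock. On releases that ship the newer PAM a
# reference to pam_tally2.so in the stack cannot be loaded -- confirm the
# target distribution before applying these tasks.

# Renders the whole auth stack from a template; the template content is not
# visible here, the task name suggests it carries the pam_tally2 auth line.
- name: Add pam_tally2.so
  template:
    src: common-auth.j2
    dest: /etc/pam.d/common-auth
    owner: root
    group: root
    # Quoted so the YAML loader cannot retype the octal file mode.
    mode: '0644'

- name: Create pwquality.conf password complexity configuration
  block:
    - name: Install libpam-pwquality
      apt:
        name: libpam-pwquality
        state: present
        install_recommends: false

    - name: Deploy pwquality.conf
      template:
        src: pwquality.conf.j2
        dest: /etc/security/pwquality.conf
        owner: root
        group: root
        mode: '0644'

# Account-stack counterpart of the lockout module. Each lineinfile rewrites
# the last line matching its regexp, or appends the line when nothing matches.
- name: Add pam_tally2.so
  block:
    - name: Ensure account requisite line is pam_deny.so
      lineinfile:
        dest: /etc/pam.d/common-account
        regexp: '^account\srequisite'
        line: "account requisite pam_deny.so"

    - name: Ensure account required line is pam_tally2.so
      lineinfile:
        dest: /etc/pam.d/common-account
        regexp: '^account\srequired'
        line: "account required pam_tally2.so"

- name: password reuse is limited
  lineinfile:
    dest: /etc/pam.d/common-password
    # Match an existing pam_pwhistory entry so that changing remember=N
    # rewrites it in place instead of appending a second, conflicting line.
    regexp: '^password\s+required\s+pam_pwhistory\.so'
    line: "password required pam_pwhistory.so remember=5"
    # NOTE(review): when no entry exists the line is appended at end of file,
    # i.e. after pam_unix.so. pam_pwhistory is normally placed before
    # pam_unix so the history check runs before the password is changed --
    # verify the resulting stack order on a target host.

- name: password hashing algorithm is SHA-512
  lineinfile:
    dest: /etc/pam.d/common-password
    regexp: '^password\s+\[success'
    line: "password [success=1 default=ignore] pam_unix.so sha512"
    # NOTE(review): this replaces the entire matched line, so options already
    # present on it are dropped. When pam_pwquality/pam_pwhistory precede
    # pam_unix, pam_unix usually needs use_authtok to accept the password
    # those modules checked rather than prompting again -- confirm against
    # the file pam-auth-update generates after libpam-pwquality is installed.

# NOTE(review): identical to the task above (same file, regexp and line), so
# it never changes anything. The name suggests it was meant to manage the
# shadow suite settings instead -- confirm the intended target.
- name: Shadow Password Suite Parameters
  lineinfile:
    dest: /etc/pam.d/common-password
    regexp: '^password\s+\[success'
    line: "password [success=1 default=ignore] pam_unix.so sha512"

# Disabled tasks, kept for reference.
# NOTE(review): if re-enabled, quote the file modes ('0775', '0644'); the
# bare 644 in the last task would be read as a decimal integer, not octal.
#- name: configure system settings, file descriptors and number of threads
#  pam_limits:
#    domain: '*'
#    limit_type: "{{item.limit_type}}"
#    limit_item: "{{item.limit_item}}"
#    value: "{{item.value}}"
#  with_items:
#    - { limit_type: '-', limit_item: 'nofile', value: 65536 }
#    - { limit_type: '-', limit_item: 'nproc', value: 65536 }
##    - { limit_type: 'soft', limit_item: 'memlock', value: unlimited }
##    - { limit_type: 'hard', limit_item: 'memlock', value: unlimited }

#- name: reload settings from all system configuration files
#  shell: sysctl --system

#- name: Creates directory systemd config
#  file:
#    path: /etc/systemd/system.conf.d
#    state: directory
#    owner: root
#    group: root
#    mode: 0775

#- name: Create systemd limits
#  copy:
#    src: systemd_limit.conf
#    dest: /etc/systemd/system.conf.d/limits.conf
#    owner: root
#    group: root
#    mode: 644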