diff --git a/hosts b/hosts
new file mode 100644
index 0000000..426a58a
--- /dev/null
+++ b/hosts
@@ -0,0 +1,3 @@
+host SRV
+ use root
+ hostname 192.168.0.25
diff --git a/secureSRV.yml b/secureSRV.yml
index 8bfcca5..6ccc2f4 100644
--- a/secureSRV.yml
+++ b/secureSRV.yml
@@ -4,35 +4,35 @@
 become: true
 tasks:
-- name: (1) Création de l'utilisateur sioadm avec son shell
- user:
- name: sioadm
- password: "{{ 'sioadm' | password_hash('sha512') }}"
- shell: /bin/bash
- become: true
+ - name: (1) Création de l'utilisateur sioadm avec son shell
+ user:
+ name: sioadm
+ password: "{{ 'sioadm' | password_hash('sha512') }}"
+ shell: /bin/bash
+ become: true
-- name: (2) Ajout de l'utilisateur au groupe sudo
- user:
- name: sioadm
- groups: sudo
- become: true
+ - name: (2) Ajout de l'utilisateur au groupe sudo
+ user:
+ name: sioadm
+ groups: sudo
+ become: true
-- name: (3) Ajout de la clé publique SSH pour l'utilisateur sioadm
- authorized_key:
- user: sioadm
- key: "ssh-rsa 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 sioadm@ctrl"
- become: true
+ - name: (3) Ajout de la clé publique SSH pour l'utilisateur sioadm
+ authorized_key:
+ user: sioadm
+ key: "ssh-rsa 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 sioadm@ctrl"
+ become: true
-- name: (4) Désintallation des paquets inutiles (wpasupplicant et rpcbind)
- apt:
- state: absent
- name:
- - wpasupplicant
- - rpcbind
- become: true
+ - name: (4) Désintallation des paquets inutiles (wpasupplicant et rpcbind)
+ apt:
+ state: absent
+ name:
+ - wpasupplicant
+ - rpcbind
+ become: true
-- name: (5) Configuration du fichier /etc/resolv.conf
- replace:
+ - name: (5) Configuration du fichier /etc/resolv.conf
+ replace:
 path: /etc/resolv.conf
 regexp: '^(search|domain|nameserver).*'
 replace: |
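Review bot: In the new `hosts` file, `use root` matches no keyword I know of in either an ssh_config `Host` block or an Ansible inventory, so this line probably does not set the login user. If an SSH client config was intended it would read `User root`; as an INI inventory the entry would be `SRV ansible_host=192.168.0.25 ansible_user=root`. Connecting as root also keeps direct root SSH as the management path, whereas secureSRV.yml creates `sioadm` with a key and sudo membership, so once that account exists the connection user could be `sioadm` with `become: true`.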
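Review bot: Task (1) in secureSRV.yml derives the account password from the literal `'sioadm'`, which equals the user name and sits in clear text in the repository, and task (2) then adds that account to `sudo`. The value should come from a vaulted variable, e.g. `password: "{{ sioadm_password | password_hash('sha512') }}"`, where `sioadm_password` is a placeholder name for a secret kept in Ansible Vault. Because `password_hash` is called without a fixed salt, the hash differs on every run, so the task likely reports a change each time; `update_password: on_create` would avoid that. Separately, task (5)'s `path`, `regexp` and `replace: |` lines stay as unchanged context while the `replace:` key above them was re-indented, so they may no longer nest under the module key. The indentation is not recoverable in this view, so confirm with `ansible-playbook --syntax-check`.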
@@ -42,27 +42,27 @@
 nameserver 10.121.38.8
 become: true
-- name: (6) Configuration du paramétrage SSH
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: '^PermitRootLogin'
- line: 'PermitRootLogin prohibit-password'
- become: true
+ - name: (6) Configuration du paramétrage SSH
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^PermitRootLogin'
+ line: 'PermitRootLogin prohibit-password'
+ become: true
-- name: Redémarrage du service SSH
- service:
- name: ssh
- state: restarted
- become: true
+ - name: Redémarrage du service SSH
+ service:
+ name: ssh
+ state: restarted
+ become: true
-- name: (7)(Bonus) Activation du pare-feu UFW
- apt:
- name: ufw
- state: present
- become: true
+ - name: (7)(Bonus) Activation du pare-feu UFW
+ apt:
+ name: ufw
+ state: present
+ become: true
-- name: (7) (Bonus) Autorisation du port 22 (SSH) sur le pare-feu
- ufw:
- rule: allow
- port: 22
- become: true
+ - name: (7) (Bonus) Autorisation du port 22 (SSH) sur le pare-feu
+ ufw:
+ rule: allow
+ port: 22
+ become: true
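Review bot: The task titled "(7)(Bonus) Activation du pare-feu UFW" only installs the `ufw` package, and the task after it only adds an allow rule, so nothing in this hunk turns the firewall on. The host is probably left unfiltered despite the task name. A final task with `ufw:` and `state: enabled`, placed after the port-22 rule, would activate it once SSH is already permitted. The rule itself is safer written as `port: '22'` with `proto: tcp`, so the value stays a string and only TCP is opened. In task (6), `PermitRootLogin prohibit-password` still permits key-based root login, and password authentication for other accounts is untouched in the visible lines.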