From 2d7c6c391d696e52a7985e1c002ece41bf4963ae Mon Sep 17 00:00:00 2001
From: root <massonclement3@gmail.com>
Date: Mon, 15 Jan 2024 15:13:46 +0100
Subject: [PATCH] Controle Ansible

---
 host          |  3 +++
 secureSRV.yml | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+)
 create mode 100644 host
 create mode 100644 secureSRV.yml

diff --git a/host b/host
new file mode 100644
index 0000000..1700a9d
--- /dev/null
+++ b/host
@@ -0,0 +1,3 @@
+host SRV
+   use root
+   hostname 192.168.0.25
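Review bot: `use root` is not a keyword of an ssh_config `Host` block (that would be `User root`), and the three lines are not Ansible inventory syntax either, so this file probably does not make `SRV` resolvable for `hosts: SRV` in secureSRV.yml. If it is meant as the inventory, a single line such as `SRV ansible_host=192.168.0.25 ansible_user=root` expresses the same thing. The control connection is also made as root, which is why the playbook has to keep root reachable over SSH with `prohibit-password`. Connecting as `sioadm` after the first run and relying on `become` would allow `PermitRootLogin no` instead.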
diff --git a/secureSRV.yml b/secureSRV.yml
new file mode 100644
index 0000000..8bfcca5
--- /dev/null
+++ b/secureSRV.yml
@@ -0,0 +1,68 @@
+---
+- name: Sécuriation serveur Linux SRV
+  hosts: SRV
+  become: true
+  tasks:
+
+- name: (1) Création  de l'utilisateur sioadm avec son shell
+    user:
+      name: sioadm
+      password: "{{ 'sioadm' | password_hash('sha512') }}"
+      shell: /bin/bash
+    become: true
+
+- name: (2) Ajout de l'utilisateur au groupe sudo
+    user:
+      name: sioadm
+      groups: sudo
+    become: true
+
+- name: (3) Ajout de la clé publique SSH pour l'utilisateur sioadm
+    authorized_key:
+      user: sioadm
+      key: "ssh-rsa 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 sioadm@ctrl"
+    become: true
+
+- name: (4) Désintallation des paquets inutiles (wpasupplicant et rpcbind)
+    apt:
+      state: absent
+      name:
+      - wpasupplicant
+      - rpcbind
+     become: true
+
+- name: (5) Configuration du fichier /etc/resolv.conf
+    replace:
+      path: /etc/resolv.conf
+      regexp: '^(search|domain|nameserver).*'
+      replace: |
+        search sio.lan
+        domain sio.lan
+        nameserver 10.121.38.7
+        nameserver 10.121.38.8
+      become: true
+
+- name: (6) Configuration du paramétrage SSH
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^PermitRootLogin'
+    line: 'PermitRootLogin prohibit-password'
+    become: true
+
+- name: Redémarrage du service SSH
+  service:
+    name: ssh
+    state: restarted
+   become: true
+
+- name: (7)(Bonus) Activation du pare-feu UFW
+  apt:
+   name: ufw
+   state: present
+  become: true
+
+- name: (7) (Bonus) Autorisation du port 22 (SSH) sur le pare-feu
+  ufw:
+    rule: allow
+    port: 22
+  become: true
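Review bot: The `password` line of task (1) commits the plaintext `sioadm`, identical to the login, and task (2) puts that account in `sudo`, so anyone who can read the repository holds a root-equivalent credential for the server. `password_hash('sha512')` without a salt also yields a different hash on each run, so with the module's default behaviour the task reports changed and rewrites the password every time. I would read the secret from Ansible Vault and add `update_password: on_create` and `no_log: true`, as in the fence below (the variable name there is a placeholder). The file also does not load as written: every task starts at column 0 while `tasks:` is left empty, and `become: true` is mis-indented on the apt and service tasks and lands inside the module arguments on the replace and lineinfile tasks; the fence shows the nesting for task (1), and the play-level `become: true` already covers all tasks. Task (6) changes only `PermitRootLogin`, so password logins for `sioadm` over SSH presumably remain possible unless `PasswordAuthentication` is set elsewhere.

```yaml
  tasks:
    - name: (1) Création  de l'utilisateur sioadm avec son shell
      user:
        name: sioadm
        # vault_sioadm_password is a placeholder name; define it in an Ansible Vault file
        password: "{{ vault_sioadm_password | password_hash('sha512') }}"
        update_password: on_create
        shell: /bin/bash
      no_log: true

    # … unchanged: tasks (2) to (7), each shifted under tasks: the same way, without the per-task become …
```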