From fd88abd865a05fb3b190ab2da77baf31b5afb1e5 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 16 Jan 2024 12:39:43 +0100
Subject: [PATCH] version final
---
 secureSRV.yml | 22 ++++++----------------
 1 file changed, 6 insertions(+), 16 deletions(-)
diff --git a/secureSRV.yml b/secureSRV.yml
index 6ccc2f4..bda797c 100644
--- a/secureSRV.yml
+++ b/secureSRV.yml
@@ -1,35 +1,30 @@
----
-- name: Sécuriation serveur Linux SRV
+- name: Sécurisation serveur Linux SRV
 hosts: SRV
 become: true
 tasks:
- - name: (1) Création de l'utilisateur sioadm avec son shell
+ - name: (1) Création de l'utilisateur sioadm avec son shell
 user:
 name: sioadm
- password: "{{ 'sioadm' | password_hash('sha512') }}"
+ password: "{{ 'sioadm' | password_hash('sha512')}}"
 shell: /bin/bash
- become: true
 - name: (2) Ajout de l'utilisateur au groupe sudo
 user:
 name: sioadm
 groups: sudo
- become: true
 - name: (3) Ajout de la clé publique SSH pour l'utilisateur sioadm
 authorized_key:
 user: sioadm
 key: "ssh-rsa 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 sioadm@ctrl"
- become: true
- - name: (4) Désintallation des paquets inutiles (wpasupplicant et rpcbind)
+ - name: (4) Désinstallation des paquets inutiles (wpasupplicant et rpcbind)
 apt:
 state: absent
 name:
- - wpasupplicant
- - rpcbind
- become: true
+ - wpasupplicant
+ - rpcbind
 - name: (5) Configuration du fichier /etc/resolv.conf
 replace:
@@ -40,29 +35,24 @@
 domain sio.lan
 nameserver 10.121.38.7
 nameserver 10.121.38.8
- become: true
 - name: (6) Configuration du paramétrage SSH
 lineinfile:
 path: /etc/ssh/sshd_config
 regexp: '^PermitRootLogin'
 line: 'PermitRootLogin prohibit-password'
- become: true
 - name: Redémarrage du service SSH
 service:
 name: ssh
 state: restarted
- become: true
 - name: (7)(Bonus) Activation du pare-feu UFW
 apt:
 name: ufw
 state: present
- become: true
 - name: (7) (Bonus) Autorisation du port 22 (SSH) sur le pare-feu
 ufw:
 rule: allow
 port: 22
- become: true
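Review bot: The `password:` line in task (1) still hard-codes the password as the literal `'sioadm'`, identical to the account name, and task (2) then adds that account to `sudo`; this commit only changes the spacing before `}}`. Anyone who can read the playbook or its history knows the credential, and nothing visible in the patch turns off password authentication in sshd (task (6) only sets `PermitRootLogin`), so the account may be reachable over SSH with a guessable password. The value should come from an Ansible Vault variable, e.g. `password: "{{ sioadm_password | password_hash('sha512') }}"`, where `sioadm_password` is a placeholder name. Adding `update_password: on_create` would also help, because `password_hash` without a fixed salt produces a different hash on each run and the task would otherwise report a change every time.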