version final

root 2024-01-16 12:39:43 +01:00
parent cfd9a7ad6e
commit fd88abd865


@ -1,35 +1,30 @@
--- - name: Sécurisation serveur Linux SRV
- name: Sécuriation serveur Linux SRV
hosts: SRV hosts: SRV
become: true become: true
tasks: tasks:
- name: (1) Création de l'utilisateur sioadm avec son shell - name: (1) Création de l'utilisateur sioadm avec son shell
user: user:
name: sioadm name: sioadm
password: "{{ 'sioadm' | password_hash('sha512') }}" password: "{{ 'sioadm' | password_hash('sha512')}}"
shell: /bin/bash shell: /bin/bash
become: true
- name: (2) Ajout de l'utilisateur au groupe sudo - name: (2) Ajout de l'utilisateur au groupe sudo
user: user:
name: sioadm name: sioadm
groups: sudo groups: sudo
become: true
- name: (3) Ajout de la clé publique SSH pour l'utilisateur sioadm - name: (3) Ajout de la clé publique SSH pour l'utilisateur sioadm
authorized_key: authorized_key:
user: sioadm user: sioadm
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8ifEQg+3/x/bGrEhhDdhgbudHIxLqbYX3n7jZRCoKKAP7CUXxdq6WSSFiz3e0/UU/ppxzn335WC5MA47KjlbQ7PQVZz+uN6J+emUzFR+5zhBUJTz1gEBzrpCeBqjTXXZD4OoNRHCvlBXVfkP6TE1/iR4NIn7sl7Xwpn9ne1HoRjELz2sC0SdXzO0PIzr1Z8s/h3cZ8Pce10widOkBC3ZyioXHQwC3MXhoVD5NFEzRzjL8x2PJg6YNvI5LJMz6J53hI0hCzniiFLPYeTb/bUGhkubkfaa3QZTXzhhuZ/Wpaiacmpv5zlvyGo97LF2C20Z7vyixa9ocXPlC9WRPhEYROx/JDRPh2/hzHRe705t8buFu1hZMqdASjySpS5g+FQ7whIucGypxEUoRsyyrUpElciL685EjZVzY6seEGK5BIe4Za1Ti0vpVhW1eT5XRF8YcgRz9GJAMlgjJMZeqJzSa53GRY0NJMRMVszVPhVD79o9Aj6SUTbxKUA5V6obBPdU= sioadm@ctrl" key: "ssh-rsa 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 sioadm@ctrl"
become: true
- name: (4) Désintallation des paquets inutiles (wpasupplicant et rpcbind) - name: (4) Désinstallation des paquets inutiles (wpasupplicant et rpcbind)
apt: apt:
state: absent state: absent
name: name:
- wpasupplicant - wpasupplicant
- rpcbind - rpcbind
become: true
- name: (5) Configuration du fichier /etc/resolv.conf - name: (5) Configuration du fichier /etc/resolv.conf
replace: replace:
@ -40,29 +35,24 @@
domain sio.lan domain sio.lan
nameserver 10.121.38.7 nameserver 10.121.38.7
nameserver 10.121.38.8 nameserver 10.121.38.8
become: true
- name: (6) Configuration du paramétrage SSH - name: (6) Configuration du paramétrage SSH
lineinfile: lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin' regexp: '^PermitRootLogin'
line: 'PermitRootLogin prohibit-password' line: 'PermitRootLogin prohibit-password'
become: true
- name: Redémarrage du service SSH - name: Redémarrage du service SSH
service: service:
name: ssh name: ssh
state: restarted state: restarted
become: true
- name: (7)(Bonus) Activation du pare-feu UFW - name: (7)(Bonus) Activation du pare-feu UFW
apt: apt:
name: ufw name: ufw
state: present state: present
become: true
- name: (7) (Bonus) Autorisation du port 22 (SSH) sur le pare-feu - name: (7) (Bonus) Autorisation du port 22 (SSH) sur le pare-feu
ufw: ufw:
rule: allow rule: allow
port: 22 port: 22
become: true
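Review bot: Task (1) still derives the account password from the literal `'sioadm'` (identical to the username) stored in the playbook, and task (2) adds that account to `sudo`, so anyone who can read the repository knows a sudo-capable credential; the sshd task only sets `PermitRootLogin`, so password logins for this user are not visibly disabled. Take the secret from an Ansible Vault variable instead, e.g. `password: "{{ sioadm_password | password_hash('sha512', sioadm_salt) }}"` (both variable names are placeholders); passing a fixed salt also stops the task from reporting a change on every run. Separately, the task named "Activation du pare-feu UFW" only installs the package, and nothing in the visible lines sets `state: enabled` on the `ufw` module, so the allow rule for port 22 may never be enforced. The old/new sides are read from the side-by-side rendering, so this assumes the right-hand column is the new file.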