Secu root pour 1ere annee

Sio2/SISR/40-ansible/stlab.yml

@@ -0,0 +1,48 @@
+---
+- hosts: localhost
+  #  become: true
+  vars_prompt:
+    - name: username
+      prompt: Votre nom?
+      private: false
+
+  tasks:
+    - name: cree utilisateurs
+      shell: "curl depl.sio.lan/usr/mkusrlin-2024.sh|bash"
+
+    - name: mdp root verrouillage
+# avec mkpasswd -m SHA-512
+      ansible.builtin.user:
+        name: root
+        password: '$6$Ga8KbEYAgCZYGeDB$7zlfBy1j4koFv.NYQEeZa/k7pwjNTEI7hrWUlrHWTwd1YsEqm.Sy2DZ1GAFYe2qe4ZccMQJAt7QxILY1sd9AV0' 
+    - name: enleve sio de sudo
+      ansible.builtin.user:
+        name: sio
+        groups: ''
+
+    - name: met le user "{{ username }}" dans le groupe sudo
+      ansible.builtin.user:
+        name: "{{ username }}"
+        groups: sudo
+        append: yes
+
+    - name: installer systemd-journal-remote
+      apt:
+        name:
+          - systemd-journal-remote
+
+    - name: chnager adresse envoie log
+      replace:
+        path: /etc/systemd/journal-upload.conf
+        regexp: '^# URL='
+        replace: 'URL=http://192.168.0.1:19532'
+
+    - name: Enable systemd-journal-upload.service
+      ansible.builtin.service:
+        name: systemd-journal-upload.service
+        enabled: yes
+
+    - name: Restart systemd-journal-upload.service
+      ansible.builtin.service:
+        name: systemd-journal-upload.service
+        state: restarted