diff --git a/cr-ansible/cr-ansible.yml b/cr-ansible/cr-ansible.yml
new file mode 100644
index 0000000..7ca4ffe
--- /dev/null
+++ b/cr-ansible/cr-ansible.yml
@@ -0,0 +1,48 @@
+- hosts: srv1
+ tasks:
+ - name: Creation sioadm dans le groupe sudo
+ user:
+ name: sioadm
+ password: $1$SomeSalt$UqddPX3r4kH3UL5jq5/ZI.
+ groups: # Empty by default, here we give it some groups
+ - sudo
+ state: present
+ shell: /bin/bash # Defaults to /bin/bash
+ system: no # Defaults to no
+ createhome: yes # Defaults to yes
+ home: /home/sioadm # Defaults to /home/
+ - name: Copie clé ssh
+ ansible.posix.authorized_key:
+ user: sioadm
+ state: present
+ key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
+ - name: Suppression du paquet wpasupplicant
+ apt:
+ name: wpasupplicant
+ state: absent
+ - name: Suppression du paquet rpcbind
+ apt:
+ name: rpcbind
+ state: absent
+ - name: Remplacement /etc/resolv.conf
+ template:
+ src: /root/cr-ansible/resolv.conf
+ dest: /etc/resolv.conf
+ - name: Ajout de la ligne dans sshd_config
+ ansible.builtin.lineinfile:
+ path: /etc/ssh/sshd_config
+ line: PermitRootLogin prohibit-password
+ create: yes
+ - name: Ajout du paquet ufw
+ apt:
+ name: ufw
+ state: present
+ - name: refuse les connection et active ufw
+ community.general.ufw:
+ state: enabled
+ policy: deny
+ - name: Autoriser le port 22
+ ufw:
+ rule: allow
+ port: 22
+ proto: tcp
diff --git a/cr-ansible/hosts b/cr-ansible/hosts
new file mode 100644
index 0000000..270a106
--- /dev/null
+++ b/cr-ansible/hosts
@@ -0,0 +1,2 @@
+[srv]
+srv1
diff --git a/cr-ansible/resolv.conf b/cr-ansible/resolv.conf
new file mode 100644
index 0000000..352c7b7
--- /dev/null
+++ b/cr-ansible/resolv.conf
@@ -0,0 +1,4 @@
+search sio.lan
+domain sio.lan
+nameserver 10.121.38.7
+nameserver 10.121.38.8
diff --git a/ct-ansible.tar.gz b/ct-ansible.tar.gz
deleted file mode 100644
index 2a7736a..0000000
Binary files a/ct-ansible.tar.gz and /dev/null differ
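Review bot: The `password:` value in the first task of cr-ansible.yml is an MD5-crypt (`$1$`) hash with the literal salt `SomeSalt`, committed in clear to the repository; MD5-crypt is cheap to attack offline, so the hash should be regenerated as SHA-512 crypt and read from an Ansible Vault variable. The `lineinfile` task has no `regexp`, so on a host whose sshd_config already sets `PermitRootLogin` the new line is only appended, and because sshd keeps the first value it reads for a keyword the setting would not take effect; the play also never reloads sshd or validates the file. The two ufw tasks enable a default-deny firewall before port 22 is allowed, which risks cutting the SSH session Ansible itself is using, so the allow rule should run first. The fence shows these three changes; the variable name is a placeholder and the indentation is reconstructed, since the hunk's own indentation is not visible here.

```yaml
# … unchanged: user task fields other than password …
        # placeholder variable name; holds a SHA-512 crypt hash stored in Ansible Vault
        password: "{{ vault_sioadm_password_hash }}"
# … unchanged: authorized_key, apt and template tasks …
    - name: Ajout de la ligne dans sshd_config
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        # replace an existing (possibly commented) directive instead of appending a second one
        regexp: '^#?\s*PermitRootLogin\s'
        line: PermitRootLogin prohibit-password
        create: yes
        # refuse to write a config that sshd cannot parse
        validate: /usr/sbin/sshd -t -f %s
# … unchanged: ufw package install …
    - name: Autoriser le port 22
      community.general.ufw:
        rule: allow
        port: '22'
        proto: tcp
    - name: refuse les connection et active ufw
      community.general.ufw:
        state: enabled
        policy: deny
```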