forked from OSAS/ansible-role-ansible_bastion
Ideas to make the bastion more secure
-------------------------------------
specific SELinux policy for the user
- write the policy
- load/apply it
use a separate /tmp
automatically renew the ssh (add a playbook for that)
make sure the firewall runs?

Features to add
---------------
Permit manual runs of any playbook by the user (sudo), with git-shell and without, see ansible-rbac
Verify tasks with ansible-lint before commit in the repo
Add a way to specify the ssh key for git with git-shell (look at FreeIPA and AuthorizedKeysCommand, or manual)
Playbook for updating ssh keys
- need to have a copy of the old private keys somewhere

Development
-----------
Add a .travis.yml for tasks/main.yml, check Python and shell files.