Commit
Merge pull request #2134 from shawndwells/more_ansible
Additional Ansible Scripts
Showing 51 changed files with 495 additions and 117 deletions.
shared/templates/static/ansible/accounts_logon_fail_delay.yml: 8 changes (4 additions & 4 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,9 @@ | ||
# platform = multi_platform_rhel | ||
- name: "Set accounts logon fail delay to (ansible-populate var_accounts_fail_delay)" | ||
- name: Set accounts logon fail delay to (ansible-populate var_accounts_fail_delay) | ||
lineinfile: | ||
dest="/etc/login.defs" | ||
regexp="^FAIL_DELAY" | ||
line="FAIL_DELAY (ansible-populate var_accounts_fail_delay)" | ||
dest: /etc/login.defs | ||
regexp: ^FAIL_DELAY | ||
line: FAIL_DELAY (ansible-populate var_accounts_fail_delay) | ||
tags: | ||
@ANSIBLE_TAGS@ | ||
|
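Review bot: the converted task keeps `regexp: ^FAIL_DELAY`, which, unlike the other lineinfile tasks in this PR (`^#?PASS_MAX_DAYS`, `^#?TMOUT`), does not match a commented-out `#FAIL_DELAY` line, so such a line is left in place and the new setting is appended at end of file; `regexp: ^#?FAIL_DELAY` would replace it in place. This file also still lacks the `# reboot`, `# strategy`, `# complexity` and `# disruption` header comments that every other new template in this PR carries.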
shared/templates/static/ansible/accounts_max_concurrent_login_sessions.yml: 14 changes (14 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# platform = multi_platform_fedora, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6 | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: "Limit the Number of Concurrent Login Sessions Allowed Per User" | ||
lineinfile: | ||
state: present | ||
dest: /etc/security/limits.conf | ||
insertbefore: '^# End of file' | ||
regexp: '^#?\\*.*maxlogins' | ||
line: '* hard maxlogins (ansible-populate var_accounts_max_concurrent_login_sessions)' | ||
tags: | ||
@ANSIBLE_TAGS@ |
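Review bot: `regexp: '^#?\\*.*maxlogins'` is broader than intended: inside YAML single quotes a backslash is literal, so the pattern reaching the regex engine is `\\*` (zero or more backslashes) followed by `.*maxlogins`, which matches any line containing `maxlogins`, including a per-group entry such as `@wheel hard maxlogins 10` (illustrative), and lineinfile would then replace that last matching line with the `*` entry. `'^#?\*.*maxlogins'` (one backslash) anchors on the literal asterisk as intended. The `# platform` header here also spells out `Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6` where the sibling files use `multi_platform_rhel`.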
shared/templates/static/ansible/accounts_maximum_age_login_defs.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: Set Password Maximum Age | ||
lineinfile: | ||
create: yes | ||
dest: /etc/login.defs | ||
regexp: ^#?PASS_MAX_DAYS | ||
line: PASS_MAX_DAYS (ansible-populate var_accounts_maximum_age_login_defs) | ||
tags: | ||
@ANSIBLE_TAGS@ |
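Review bot: `create: yes` on /etc/login.defs is questionable: if the file is missing, the task silently creates one containing only `PASS_MAX_DAYS` instead of failing on a broken shadow-utils install. It is also worth documenting in the task that `PASS_MAX_DAYS` in login.defs applies to accounts created afterwards, so existing accounts keep their current aging values and the rule is only partly remediated by this file; the same applies to the PASS_MIN_DAYS task in the next file.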
shared/templates/static/ansible/accounts_minimum_age_login_defs.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: Set Password Minimum Age | ||
lineinfile: | ||
create: yes | ||
dest: /etc/login.defs | ||
regexp: ^#?PASS_MIN_DAYS | ||
line: PASS_MIN_DAYS (ansible-populate var_accounts_minimum_age_login_defs) | ||
tags: | ||
@ANSIBLE_TAGS@ |
shared/templates/static/ansible/accounts_password_minlen_login_defs.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: "Set Password Minimum Length in login.defs" | ||
lineinfile: | ||
dest: /etc/login.defs | ||
regexp: "^PASS_MIN_LEN *[0-9]*" | ||
state: present | ||
line: "PASS_MIN_LEN (ansible-populate var_accounts_password_minlen_login_defs)" | ||
tags: | ||
@ANSIBLE_TAGS@ |
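Review bot: `regexp: "^PASS_MIN_LEN *[0-9]*"` does not match a commented `#PASS_MIN_LEN` line, unlike `^#?PASS_MAX_DAYS` in the sibling task, and the trailing ` *[0-9]*` adds nothing because lineinfile's regexp is a search rather than a full-line match; `^#?PASS_MIN_LEN` is sufficient and consistent. The same applies to `^PASS_WARN_AGE *[0-9]*` in accounts_password_warn_age_login_defs.yml.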
shared/templates/static/ansible/accounts_password_pam_maxclassrepeat.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: | ||
lineinfile: | ||
create: yes | ||
dest: /etc/security/pwquality.conf | ||
regexp: '^#?\s*maxclassrepeat' | ||
line: maxclassrepeat = (ansible-populate var_password_pam_maxclassrepeat) | ||
tags: | ||
@ANSIBLE_TAGS@ |
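Review bot: `- name:` is empty, so this task shows up without a description in play output and logs. The sibling task is titled `Set Password Maximum Consecutive Repeating Characters`; give this one a matching title (something like "Set Password Maximum Consecutive Repeating Characters per Class", wording to taste) so the remediation is identifiable.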
shared/templates/static/ansible/accounts_password_pam_maxrepeat.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: Set Password Maximum Consecutive Repeating Characters | ||
lineinfile: | ||
create: yes | ||
dest: /etc/security/pwquality.conf | ||
regexp: '^#?\s*maxrepeat' | ||
line: maxrepeat = (ansible-populate var_password_pam_maxrepeat) | ||
tags: | ||
@ANSIBLE_TAGS@ |
shared/templates/static/ansible/accounts_password_pam_minlen.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: Set Password Minimum Length - /etc/security/pwquality.conf | ||
lineinfile: | ||
dest: /etc/security/pwquality.conf | ||
regexp: ^minlen = | ||
state: present | ||
line: minlen = (ansible-populate var_password_pam_minlen) | ||
tags: | ||
@ANSIBLE_TAGS@ |
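Review bot: `regexp: ^minlen = ` is fragile: the trailing space is dropped from an unquoted YAML scalar, and the pattern matches neither the commented `# minlen = ...` default in pwquality.conf nor a `minlen=8` form without spaces, so the existing line stays and a second `minlen` line is appended. Use `'^#?\s*minlen'`, which is what the maxrepeat and maxclassrepeat tasks in this PR already do.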
shared/templates/static/ansible/accounts_password_warn_age_login_defs.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: "Set Password Warning Age" | ||
lineinfile: | ||
dest: /etc/login.defs | ||
regexp: "^PASS_WARN_AGE *[0-9]*" | ||
state: present | ||
line: "PASS_WARN_AGE (ansible-populate var_accounts_password_warn_age_login_defs)" | ||
tags: | ||
@ANSIBLE_TAGS@ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: Set Interactive Session Timeout | ||
lineinfile: | ||
create: yes | ||
dest: /etc/profile | ||
regexp: ^#?TMOUT | ||
line: TMOUT=(ansible-populate var_accounts_tmout) | ||
tags: | ||
@ANSIBLE_TAGS@ |
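Review bot: the line `TMOUT=(ansible-populate var_accounts_tmout)` sets the variable but neither exports it nor marks it read-only, so it is only in effect for the login shell that sources /etc/profile and can be overridden later in the user's session. Writing `readonly TMOUT` and `export TMOUT` alongside it (a drop-in under /etc/profile.d is the usual place) makes the timeout enforced rather than advisory; `create: yes` on /etc/profile itself is also unusual and probably unneeded.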
shared/templates/static/ansible/auditd_data_retention_action_mail_acct.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: Configure auditd mail_acct Action on Low Disk Space | ||
lineinfile: | ||
dest: /etc/audit/auditd.conf | ||
line: "action_mail_acct = (ansible-populate var_auditd_action_mail_acct)" | ||
state: present | ||
#notify: reload auditd | ||
tags: | ||
@ANSIBLE_TAGS@ |
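Review bot: this lineinfile task has no `regexp`, so it only checks whether the exact `action_mail_acct = ...` line exists and otherwise appends it; an existing `action_mail_acct = root` entry in auditd.conf is left in place, yielding two definitions of the same key. Add `regexp: ^action_mail_acct` as the space_left_action task does. The `#notify: reload auditd` is commented out, so the new value does not take effect until auditd is restarted; either wire up a handler or say so in the task description.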
shared/templates/static/ansible/auditd_data_retention_admin_space_left_action.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: Configure auditd admin_space_left Action on Low Disk Space | ||
lineinfile: | ||
dest: /etc/audit/auditd.conf | ||
line: "admin_space_left_action = (ansible-populate var_auditd_admin_space_left_action)" | ||
regexp: "^admin_space_left_action*" | ||
#notify: reload auditd | ||
tags: | ||
@ANSIBLE_TAGS@ |
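Review bot: `regexp: "^admin_space_left_action*"` applies the `*` to the final `n`, so it means `admin_space_left_actio` followed by zero or more `n` and only works by accident; `^admin_space_left_action` is what is meant. Unlike the action_mail_acct task, this one does have a regexp, so it is idempotent once the typo is fixed.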
shared/templates/static/ansible/auditd_data_retention_flush.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: Configure auditd Flush Priority | ||
lineinfile: | ||
dest: /etc/audit/auditd.conf | ||
regexp: '.*flush.*' | ||
line: flush = data | ||
#notify: reload auditd | ||
tags: | ||
@ANSIBLE_TAGS@ |
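Review bot: `regexp: '.*flush.*'` is unanchored, so it matches any line in auditd.conf that contains the word `flush`, comments included; lineinfile replaces the last match, so a comment mentioning flush later in the file would be overwritten with `flush = data` while the real setting stays. Anchor it as `^flush`. This is also the only auditd task in the set that hardcodes its value instead of using an `(ansible-populate ...)` variable; fine if intended, but worth a comment in the file.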
shared/templates/static/ansible/auditd_data_retention_max_log_file.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: Configure auditd Max Log File Size | ||
lineinfile: | ||
dest: /etc/audit/auditd.conf | ||
line: "max_log_file (ansible-populate var_auditd_max_log_file)" | ||
state: present | ||
#notify: reload auditd | ||
tags: | ||
@ANSIBLE_TAGS@ |
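Review bot: the line `max_log_file (ansible-populate var_auditd_max_log_file)` is missing the ` = ` separator that auditd.conf requires and that every other auditd task in this PR writes (`space_left_action = ...`), so auditd will reject the setting. The task also has no `regexp`, so the existing `max_log_file = ...` entry is kept and the new line appended; add one (see the note on max_log_file_action for why it must be anchored carefully).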
shared/templates/static/ansible/auditd_data_retention_max_log_file_action.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: Configure auditd max_log_file_action Upon Reaching Maximum Log Size | ||
lineinfile: | ||
dest: /etc/audit/auditd.conf | ||
line: "max_log_file_action (ansible-populate var_auditd_max_log_file_action)" | ||
state: present | ||
#notify: reload auditd | ||
tags: | ||
@ANSIBLE_TAGS@ |
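Review bot: same defect as in the max_log_file task: `max_log_file_action (ansible-populate ...)` lacks the ` = ` separator and there is no `regexp`. When adding one, note that `^max_log_file` would also match `max_log_file_action`, so use `^max_log_file_action` here and `^max_log_file\s*=` in the max_log_file task so the two do not clobber each other.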
shared/templates/static/ansible/auditd_data_retention_space_left_action.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: Configure auditd space_left Action on Low Disk Space | ||
lineinfile: | ||
dest: /etc/audit/auditd.conf | ||
line: space_left_action = (ansible-populate var_auditd_space_left_action) | ||
regexp: ^space_left_action* | ||
#notify: reload auditd | ||
tags: | ||
@ANSIBLE_TAGS@ |
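Review bot: `regexp: ^space_left_action*` has the same misplaced `*` as the admin_space_left_action task; `^space_left_action` is the intended anchor.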
shared/templates/static/ansible/bootloader_audit_argument.yml: 9 changes (9 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = true | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: "Enable Auditing for Processes Which Start Prior to the Audit Daemon" | ||
shell: /sbin/grubby --update-kernel=ALL --args="audit=1" | ||
tags: | ||
@ANSIBLE_TAGS@ |
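Review bot: `shell: /sbin/grubby --update-kernel=ALL --args="audit=1"` is not idempotent: it runs and reports `changed` on every play, and it also executes in check mode. No shell features are used, so `command` is the better module, paired with a `changed_when` (or a preceding check of whether `audit=1` is already present in the kernel arguments) so repeated runs are a no-op. `# reboot = true` is correct, since the argument only takes effect on the next boot.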
shared/templates/static/ansible/clean_components_post_updating.yml: 13 changes (13 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: "Ensure YUM Removes Previous Package Versions" | ||
lineinfile: | ||
dest: /etc/yum.conf | ||
regexp: ^#?clean_requirements_on_remove | ||
line: clean_requirements_on_remove=1 | ||
insertafter: '\[main\]' | ||
tags: | ||
@ANSIBLE_TAGS@ |
shared/templates/static/ansible/ensure_gpgcheck_never_disabled.yml: 21 changes (21 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# platform = multi_platform_rhel | ||
# reboot = false | ||
# strategy = unknown | ||
# complexity = low | ||
# disruption = medium | ||
# | ||
- name: Find All Yum Repositories | ||
find: | ||
paths: "/etc/yum.repos.d/" | ||
patterns: "*.repo" | ||
register: yum_find | ||
|
||
- name: Ensure gpgcheck Enabled For All Yum Package Repositories | ||
with_items: "{{ yum_find.files }}" | ||
lineinfile: | ||
create: yes | ||
dest: "{{ item.path }}" | ||
regexp: '^gpgcheck' | ||
line: 'gpgcheck=1' | ||
tags: | ||
@ANSIBLE_TAGS@ |
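Review bot: `lineinfile` with `regexp: '^gpgcheck'` changes only the last matching line in each repo file, but .repo files commonly hold several `[section]` blocks each with its own `gpgcheck=`; only one gets set to 1, and when none exists the appended `gpgcheck=1` lands in the last section only. The `replace` module (`regexp: '^gpgcheck\s*=.*$'`, `replace: 'gpgcheck=1'`) covers every section that sets the key, and sections that omit it entirely still need separate handling. `tags` is set on the second task only, so a run with `--tags` would skip the `find` that populates `yum_find`; and `# strategy = unknown` should be filled in before merge.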
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- name: "Direct root Logins Not Allowed" | ||
shell: echo > /etc/securetty | ||
tags: | ||
@ANSIBLE_TAGS@ |
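Review bot: `shell: echo > /etc/securetty` is not idempotent and reports `changed` on every run; `copy` with `content: ""`, `dest: /etc/securetty` and explicit owner/group/mode produces the same empty file and is a no-op when the file is already empty. As with the grubby task, prefer `copy`/`command` over `shell` when the only shell feature needed is a redirect.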
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# platform = multi_platform_rhel,multi_platform_fedora | ||
# reboot = false | ||
# strategy = restrict | ||
# complexity = low | ||
# disruption = low | ||
- block: | ||
- name: "Detect shosts.equiv Files on the System" | ||
find: | ||
paths: / | ||
recurse: yes | ||
patterns: shosts.equiv | ||
check_mode: no | ||
register: shosts_equiv_locations | ||
|
||
- name: "Remove Rsh Trust Files" | ||
file: | ||
path: "{{ item.path }}" | ||
state: absent | ||
with_items: "{{ shosts_equiv_locations }}" | ||
when: shosts_equiv_locations | ||
tags: | ||
@ANSIBLE_TAGS@ |
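Review bot: `with_items: "{{ shosts_equiv_locations }}"` loops over the registered result dictionary rather than the list of matches, so `item.path` is undefined; it should be `"{{ shosts_equiv_locations.files }}"`. Likewise `when: shosts_equiv_locations` is always true for a registered result; `when: shosts_equiv_locations.matched > 0` expresses the intent, or the `when` can be dropped since an empty `files` list loops zero times. `find` with `paths: /` and `recurse: yes` walks the whole filesystem, including /proc and any mounted network shares; adding `file_type: file` and narrowing `paths` keeps the task bounded.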