crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[base-security] Remove root authorized keys

certbot_on_virtu
Alexandre Iooss 2019-07-30 12:04:56 +02:00
parent bb4d0a6695
commit dfaa2a9313
No known key found for this signature in database
GPG Key ID: 6C79278F3FCDCC02
3 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
base.yml
View File

@ -19,6 +19,7 @@
- silice.adm.crans.org - silice.adm.crans.org
roles: roles:
- debian-apt-sources - debian-apt-sources
- common-security
- common-tools - common-tools
- rsync-client - rsync-client
- ntp-client - ntp-client

9
roles/common-security/tasks/main.yml 100644
View File

@ -0,0 +1,9 @@
---
- name: Delete authorized SSH keys for root account
file:
path: "{{ item }}"
state: absent
loop:
- /root/.ssh/authorized_keys
- /root/.ssh/authorized_keys2

8
roles/ldap-client/tasks/main.yml
View File

@ -36,11 +36,3 @@
dest: /etc/pam.d/common-account dest: /etc/pam.d/common-account
regexp: 'pam_mkhomedir\.so' regexp: 'pam_mkhomedir\.so'
line: "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077" line: "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077"
# If LDAP crashes
- name: Install SSH keys for root account
authorized_key:
user: root
key: "{{ ssh_pub_keys }}"
state: present
exclusive: true