mirror of
https://github.com/nikdoof/ansible-cis.git
synced 2025-12-13 09:32:15 +00:00
23 lines
741 B
YAML
23 lines
741 B
YAML
---
|
|
- name: Set sshd_config file security
|
|
ansible.builtin.file:
|
|
path: /etc/ssh/sshd_config
|
|
owner: root
|
|
group: root
|
|
mode: "0600"
|
|
- name: Set SSHD configuration values
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: "^{{ item.key }}"
|
|
line: "{{ item.key }} {{ item.value }}"
|
|
notify: restart sshd
|
|
loop:
|
|
- { key: "X11Forwarding", value: "no" }
|
|
- { key: "MaxAuthTries", value: "4" }
|
|
- { key: "PermitRootLogin", value: "no" }
|
|
- { key: "PasswordAuthentication", value: "no" }
|
|
- { key: "PermitEmptyPasswords", value: "no" }
|
|
- { key: "PermitUserEnvironment", value: "no" }
|
|
- { key: "AllowTcpForwarding", value: "yes" }
|
|
- { key: "StreamLocalBindUnlink", value: "yes" }
|