remediate_rhel7.yml
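---
# Remediation tasks for a RHEL 7 host (per the file name). The
# `leapp answer` call below suggests they run ahead of a Leapp in-place
# upgrade -- confirm against the play that includes this file.

# Block until the managed host accepts connections again: start polling
# after 5 s, retry every 5 s, allow 20 s per attempt, give up after 300 s.
- name: Wait for connection...
  ansible.builtin.wait_for_connection:
    connect_timeout: 20
    sleep: 5
    delay: 5
    timeout: 300

# Static list consumed by the next task.
- name: Define kernel modules to unload
  ansible.builtin.set_fact:
    kernel_modules_to_unload:
      - floppy
      - pata_acpi

# `state: absent` unloads each module from the running kernel. Nothing in
# this task stops the module from being loaded again later (for example
# after a reboot).
- name: Kernel modules defined by kernel_modules_to_unload are unloaded
  community.general.modprobe:
    name: "{{ item }}"
    state: absent
  loop: "{{ kernel_modules_to_unload }}"

# Records the answer `confirm=True` for the Leapp section named on the
# command line. The task itself does not remove pam_pkcs11; the removal is
# presumably carried out by Leapp during the upgrade.
# The command contains no pipeline, so `set -o pipefail` has no effect here.
- name: Remove pam_pkcs11 module  # noqa command-instead-of-module
  ansible.builtin.shell: |
    set -o pipefail
    leapp answer --section remove_pam_pkcs11_module_check.confirm=True
  args:
    executable: /bin/bash

# Pin root login to key-based authentication only and turn off password
# authentication for every account.
#
# NOTE(review): the pattern matches only when the keyword starts in
# column 0, optionally preceded by a single `#`. Lines written as
# `# PermitRootLogin ...` or indented lines do not match, and the setting
# is then appended at the end of the file. If the file ends with a `Match`
# block, an appended line applies only inside that block.
# NOTE(review): lineinfile rewrites the LAST matching line, while sshd
# uses the FIRST value it reads for a keyword. Where an active line is
# followed by a commented copy, the active line stays in force. Check the
# result with `sshd -T` on the host after the run.
- name: Configure sshd
  ansible.builtin.lineinfile:
    path: "/etc/ssh/sshd_config"
    regex: "^(#)?{{ item.key }}"
    line: "{{ item.key }} {{ item.value }}"
    state: present
    # Syntax-check the candidate file before it replaces the live one, so a
    # malformed edit cannot reach the "Restart sshd" handler and cut off
    # remote access.
    validate: "/usr/sbin/sshd -t -f %s"
  loop:
    - key: "PermitRootLogin"
      value: "prohibit-password"
    - key: "PasswordAuthentication"
      # Quoted so YAML 1.1 loaders keep the string "no", not boolean false.
      value: "no"
  # The "Restart sshd" handler is defined outside this file.
  notify:
    - Restart sshd
...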