deploy-base/roles/hardening/tasks/main.yml

---
#- name: Disallow root SSH access
#  lineinfile:
#    dest: /etc/ssh/sshd_config 
#    regexp: "^PermitRootLogin"
#    line: "PermitRootLogin no"
#    state: present
#  notify: Restart ssh


# untested on debian/ubuntu
- name: disable services
  service:
    name: "{{ item }}"
    state: stopped
    enabled: no
  with_items:
    - postfix
    - rpcbind
    - rsyncd.service
    - rsyncd.socket
  ignore_errors: true

- name: disable password auth
  lineinfile:
    dest: /etc/ssh/sshd_config 
    regexp: "^PasswordAuthentication" 
    line: "PasswordAuthentication no"
    state: present
  notify: restart sshd
initial commit 2019-02-26 03:49:51 +00:00			`---`
			`#- name: Disallow root SSH access`
			`# lineinfile:`
			`# dest: /etc/ssh/sshd_config`
			`# regexp: "^PermitRootLogin"`
			`# line: "PermitRootLogin no"`
			`# state: present`
			`# notify: Restart ssh`


			`# untested on debian/ubuntu`
			`- name: disable services`
			`service:`
			`name: "{{ item }}"`
			`state: stopped`
			`enabled: no`
			`with_items:`
			`- postfix`
			`- rpcbind`
			`- rsyncd.service`
			`- rsyncd.socket`
			`ignore_errors: true`

			`- name: disable password auth`
			`lineinfile:`
			`dest: /etc/ssh/sshd_config`
			`regexp: "^PasswordAuthentication"`
			`line: "PasswordAuthentication no"`
			`state: present`
			`notify: restart sshd`