initial commit

roles/hardening/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+#- name: Disallow root SSH access
+#  lineinfile:
+#    dest: /etc/ssh/sshd_config 
+#    regexp: "^PermitRootLogin"
+#    line: "PermitRootLogin no"
+#    state: present
+#  notify: Restart ssh
+
+
+# untested on debian/ubuntu
+- name: disable services
+  service:
+    name: "{{ item }}"
+    state: stopped
+    enabled: no
+  with_items:
+    - postfix
+    - rpcbind
+    - rsyncd.service
+    - rsyncd.socket
+  ignore_errors: true
+
+- name: disable password auth
+  lineinfile:
+    dest: /etc/ssh/sshd_config 
+    regexp: "^PasswordAuthentication" 
+    line: "PasswordAuthentication no"
+    state: present
+  notify: restart sshd
+
+