32 lines
620 B
YAML
32 lines
620 B
YAML
---
|
|
#- name: Disallow root SSH access
|
|
# lineinfile:
|
|
# dest: /etc/ssh/sshd_config
|
|
# regexp: "^PermitRootLogin"
|
|
# line: "PermitRootLogin no"
|
|
# state: present
|
|
# notify: Restart ssh
|
|
|
|
|
|
# untested on debian/ubuntu
|
|
- name: disable services
|
|
service:
|
|
name: "{{ item }}"
|
|
state: stopped
|
|
enabled: no
|
|
with_items:
|
|
- postfix
|
|
- rpcbind
|
|
- rsyncd.service
|
|
- rsyncd.socket
|
|
ignore_errors: true
|
|
|
|
- name: disable password auth
|
|
lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: "^PasswordAuthentication"
|
|
line: "PasswordAuthentication no"
|
|
state: present
|
|
notify: restart sshd
|
|
|
|
|