Merge pull request #20 from danielkubat/fixes

Various minor fixes
Louis Abel 2020-12-11 19:50:44 -07:00 committed by GitHub
commit c8fe3b75cc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 12 additions and 12 deletions


@ -0,0 +1,2 @@
Defaults use_pty
Defaults logfile="/var/log/sudo.log"
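Review bot: The new drop-in has no header comment saying it is deployed by the role, so an admin who finds it on a host cannot tell that local edits will be overwritten on the next run. A first line such as `# Managed by Ansible (CIS sudoers defaults) - local changes will be overwritten` would document that, and sudoers treats `#` lines like this one as comments.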


@ -7,15 +7,15 @@
sysctl_config: '{{ sysctl_config | combine(sysctl_overwrite) }}'
when: sysctl_overwrite | default()
- name: sysctl
- name: Kernel parameters
sysctl:
name: '{{ item.key }}'
value: '{{ item.value }}'
name: "{{ item.key }}"
value: "{{ item.value }}"
state: present
ignoreerrors: true
sysctl_set: true
sysctl_file: /etc/sysctl.d/99-ansible.conf
with_dict: '{{ sysctl_config }}'
with_dict: "{{ sysctl_config }}"
tags:
- harden
- kernel
@ -103,6 +103,7 @@
tags:
- harden
# TODO: Use pamd module to establish password policy
- name: pwquality - minlen
lineinfile:
line: "minlen = 14"
@ -188,7 +189,7 @@
name: "{{ item }}"
enabled: false
state: stopped
with_items: "{{ disable_svc }}"
loop: "{{ disable_svc }}"
register: service_check
failed_when: service_check is failed and not 'Could not find the requested service' in service_check.msg
tags:
@ -230,15 +231,13 @@
tags:
- harden
- name: cis sudoers configuration
- name: CIS sudoers configuration
copy:
dest: /etc/sudoers.d/cis
src: "etc/sudoers.d/cis"
dest: "/etc/sudoers.d/cis"
owner: root
group: root
mode: '0440'
content: |
Defaults use_pty
Defaults logfile="/var/log/sudo.log"
tags:
- harden
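Review bot: The `CIS sudoers configuration` task in the last hunk copies `etc/sudoers.d/cis` to `/etc/sudoers.d/cis` without a syntax check, so a malformed line in the source file would be installed as-is and could leave sudo unusable on the hardened hosts. The copy module's `validate` parameter covers this: adding `validate: '/usr/sbin/visudo -cf %s'` next to `mode: '0440'` means the file is only moved into place if visudo accepts it. This matters more now that the content lives in a separate file rather than inline in the task. The task list starts and ends outside the hunk.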


@ -1,4 +1,3 @@
# Generated by Ansible
search {{ ipareplica_domain }}
nameserver {{ ipa_dns_master }}


@ -19,7 +19,7 @@ remove_packages:
# security limits
limits:
- { domain: '*', limit_type: hard, limit_item: core, value: 0 }
- {domain: '*', limit_type: hard, limit_item: core, value: 0}
# sysctl settings
sysctl_config: