Merge pull request #20 from danielkubat/fixes

Various minor fixes
2024-11-10 16:01:23 +00:00 · 2020-12-11 19:50:44 -07:00 · 2020-12-11 19:50:44 -07:00 · c8fe3b75cc
commit c8fe3b75cc
parent 70678528d0 c3dcc26f29
4 changed files with 12 additions and 12 deletions
--- a/ansible/playbooks/files/etc/sudoers.d/cis
+++ b/ansible/playbooks/files/etc/sudoers.d/cis
@ -0,0 +1,2 @@
+Defaults use_pty
+Defaults logfile="/var/log/sudo.log"
--- a/ansible/playbooks/tasks/harden.yml
+++ b/ansible/playbooks/tasks/harden.yml
@ -7,15 +7,15 @@
        sysctl_config: '{{ sysctl_config | combine(sysctl_overwrite) }}'
      when: sysctl_overwrite | default()

-    - name: sysctl
+    - name: Kernel parameters
      sysctl:
-        name: '{{ item.key }}'
-        value: '{{ item.value }}'
+        name: "{{ item.key }}"
+        value: "{{ item.value }}"
        state: present
        ignoreerrors: true
        sysctl_set: true
        sysctl_file: /etc/sysctl.d/99-ansible.conf
-      with_dict: '{{ sysctl_config }}'
+      with_dict: "{{ sysctl_config }}"
      tags:
        - harden
        - kernel
@ -103,6 +103,7 @@
      tags:
        - harden

+    # TODO: Use pamd module to establish password policy
    - name: pwquality - minlen
      lineinfile:
        line: "minlen = 14"
@ -188,7 +189,7 @@
    name: "{{ item }}"
    enabled: false
    state: stopped
-  with_items: "{{ disable_svc }}"
+  loop: "{{ disable_svc }}"
  register: service_check
  failed_when: service_check is failed and not 'Could not find the requested service' in service_check.msg
  tags:
@ -230,15 +231,13 @@
  tags:
    - harden

- name: cis sudoers configuration
+- name: CIS sudoers configuration
  copy:
-    dest: /etc/sudoers.d/cis
+    src: "etc/sudoers.d/cis"
+    dest: "/etc/sudoers.d/cis"
    owner: root
    group: root
    mode: '0440'
-    content: |
-      Defaults use_pty
-      Defaults logfile="/var/log/sudo.log"
  tags:
    - harden

--- a/ansible/playbooks/templates/etc/resolv.conf.j2
+++ b/ansible/playbooks/templates/etc/resolv.conf.j2
@ -1,4 +1,3 @@
 # Generated by Ansible
 search {{ ipareplica_domain }}
 nameserver {{ ipa_dns_master }}
-
--- a/ansible/playbooks/vars/RedHat.yml
+++ b/ansible/playbooks/vars/RedHat.yml
@ -19,7 +19,7 @@ remove_packages:

 # security limits
 limits:
-  - { domain: '*', limit_type: hard, limit_item: core, value: 0 }
+  - {domain: '*', limit_type: hard, limit_item: core, value: 0}

 # sysctl settings
 sysctl_config: