From d20f9a5e615e48bbd13866615e7582cc3940f820 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Thu, 21 Jan 2021 15:05:35 -0700
Subject: [PATCH] fix hardening
---
 ansible/playbooks/tasks/authentication.yml | 8 ++++----
 ansible/playbooks/vars/ipaserver.yml | 2 ++
 2 files changed, 6 insertions(+), 4 deletions(-)
 create mode 100644 ansible/playbooks/vars/ipaserver.yml
diff --git a/ansible/playbooks/tasks/authentication.yml b/ansible/playbooks/tasks/authentication.yml
index 227f3c3..14794c9 100644
--- a/ansible/playbooks/tasks/authentication.yml
+++ b/ansible/playbooks/tasks/authentication.yml
@@ -35,18 +35,18 @@
 - name: Override system-auth and password-auth
 copy:
- src: "etc/authselect/custom/sssd-aoc/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-system-auth"
+ src: "etc/authselect/custom/sssd-rocky/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-system-auth"
 dest: "{{ item }}"
 owner: root
 group: root
 mode: '0644'
 loop:
- - /etc/authselect/custom/sssd-aoc/system-auth
- - /etc/authselect/custom/sssd-aoc/password-auth
+ - /etc/authselect/custom/sssd-rocky/system-auth
+ - /etc/authselect/custom/sssd-rocky/password-auth
 - name: Select New Profile
 command: >
- /usr/bin/authselect select custom/sssd-aoc
+ /usr/bin/authselect select custom/sssd-rocky
 without-nullok
 with-faillock
 with-mkhomedir
diff --git a/ansible/playbooks/vars/ipaserver.yml b/ansible/playbooks/vars/ipaserver.yml
new file mode 100644
index 0000000..b6854f0
--- /dev/null
+++ b/ansible/playbooks/vars/ipaserver.yml
@@ -0,0 +1,2 @@
+---
+ipatype: server
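Review bot: The three `sssd-rocky` references in the `Override system-auth and password-auth` and `Select New Profile` tasks rely on paths this commit does not touch. The diffstat lists only this file and `vars/ipaserver.yml`, so the role's source files under `etc/authselect/custom/sssd-rocky/` and the step that creates `/etc/authselect/custom/sssd-rocky/` on the host must already use the new name. If the profile is still created as `sssd-aoc` earlier in the file (outside this hunk), the copy or the `authselect select` call would presumably fail, and the `without-nullok` and `with-faillock` settings would not be applied. Keeping the profile name in one variable, for example `/usr/bin/authselect select custom/{{ authselect_profile }}` (variable name illustrative), would stop the create, copy and select steps from drifting apart. The `Select New Profile` task may continue past the end of the hunk.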