This commit is contained in:
nazunalika 2020-12-10 16:40:49 -07:00
parent e2626acf9f
commit ee72d1960f
4 changed files with 33 additions and 15 deletions


@ -13,3 +13,12 @@
service: service:
name: NetworkManager name: NetworkManager
state: reloaded state: reloaded
- name: regenerate_auditd_rules
command: /sbin/augenrules
- name: restart_auditd
service:
name: auditd
state: restarted
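Review bot: The new `regenerate_auditd_rules` handler runs `/sbin/augenrules` with no arguments, which only merges the /etc/audit/rules.d fragments into /etc/audit/audit.rules and loads nothing into the kernel, so a task that notifies this handler alone leaves the running audit configuration unchanged. Use `command: /sbin/augenrules --load`, or make sure every task that notifies it also notifies `restart_auditd`. Separately, on systemd-based EL releases auditd.service is marked RefuseManualStop, so `service: state: restarted` routed through systemctl is likely to fail; `command: service auditd restart` is the usual way to restart it — verify this against the target release. The rest of the handlers file is outside the hunk.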


@ -35,4 +35,7 @@
file: file:
path: /var/log/ansible.run path: /var/log/ansible.run
state: touch state: touch
mode: '0644'
user: root
group: root
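Review bot: `user: root` is not a parameter of the `file` module (the ownership parameter is `owner`), so this task will fail with an unsupported-parameter error rather than setting the owner; the same mistake is in the `copy` task for /etc/security/limits.d/cis.conf in the third file of this commit, whereas the fourth file correctly uses `owner: root`. Change the line to `owner: root` in both places. The enclosing task starts before the hunk.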


@ -21,6 +21,9 @@
- name: security limits - name: security limits
copy: copy:
dest: "/etc/security/limits.d/cis.conf" dest: "/etc/security/limits.d/cis.conf"
user: root
group: root
mode: '0644'
content: | content: |
* hard core 0 * hard core 0
@ -116,20 +119,22 @@
regexp: '-b \d+' regexp: '-b \d+'
replace: '-b {{ audit_buffer }}' replace: '-b {{ audit_buffer }}'
notify: notify:
- regenerate auditd rules - regenerate_auditd_rules
tags: tags:
- harden - harden
- name: Ensure collection audit rules are available # Leaving this out for now as we don't know the implications of the audit rules
template: # on build systems yet.
src: "etc/audit/rules.d/collection.rules.j2" # - name: Ensure collection audit rules are available
dest: "/etc/audit/rules.d/collection.rules" # template:
owner: root # src: "etc/audit/rules.d/collection.rules.j2"
group: root # dest: "/etc/audit/rules.d/collection.rules"
backup: yes # owner: root
notify: # group: root
- regenerate auditd rules # backup: yes
- restart auditd # notify:
tags: # - regenerate_auditd rules
- harden # - restart_auditd
# tags:
# - harden
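Review bot: The replace task now notifies only `regenerate_auditd_rules`, and since that handler calls augenrules without `--load` and `restart_auditd` is referenced only from the commented-out task, the new `-b {{ audit_buffer }}` value is written to audit.rules but never applied to the running auditd until a reboot or a manual restart. Notify both handlers: `notify:` / `  - regenerate_auditd_rules` / `  - restart_auditd`. In the commented-out collection-rules task the handler name at `# - regenerate_auditd rules` has a space instead of an underscore and will not match `regenerate_auditd_rules` if the task is re-enabled; fix it now so the block is correct when it comes back. The replace task's `path`/`regexp` lines begin before the hunk.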


@ -23,6 +23,7 @@
dest: "/etc/rockybanner" dest: "/etc/rockybanner"
owner: root owner: root
group: root group: root
mode: '0644'
notify: restart_ssh notify: restart_ssh
- name: Remove dsa keys - name: Remove dsa keys