kubeasz/roles/os-harden/tasks/hardening.yml

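---
# Entry point for the hardening steps of this role: load the platform
# variables, then import one task file per control area. Every import has its
# own tag, so a single area can be selected with --tags or left out with
# --skip-tags. Because these are static imports, the "when" and "tags" set
# here are applied to each task inside the imported file.

# Tagged "always" so the variables are still loaded when the run is limited
# with --tags. There is no fallback here: a host whose os_family has no
# matching vars file fails at this task instead of continuing unconfigured.
- name: Set OS family dependent variables
  include_vars: '{{ ansible_facts.os_family }}.yml'
  tags: always

# More specific overrides, tried in order; the first file found is loaded.
# With skip: true a host that matches none of them is not an error and keeps
# only the OS-family values loaded above.
- name: Set OS dependent variables
  include_vars: '{{ item }}'
  with_first_found:
    - files:
        - '{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_major_version }}.yml'
        - '{{ ansible_facts.distribution }}.yml'
        - '{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml'
      skip: true
  tags: always

# Gated control: skipped entirely unless os_auditd_enabled is truthy.
# "| bool" makes a string value such as "false" count as false.
- name: Import auditd tasks
  import_tasks: auditd.yml
  when: os_auditd_enabled | bool
  tags: auditd

- name: Import limits tasks
  import_tasks: limits.yml
  tags: limits

- name: Import login_defs tasks
  import_tasks: login_defs.yml
  tags: login_defs

- name: Import minimize_access tasks
  import_tasks: minimize_access.yml
  tags: minimize_access

- name: Import pam tasks
  import_tasks: pam.yml
  tags: pam

- name: Import modprobe tasks
  import_tasks: modprobe.yml
  tags: modprobe

- name: Import profile tasks
  import_tasks: profile.yml
  tags: profile

- name: Import securetty tasks
  import_tasks: securetty.yml
  tags: securetty

# Gated control: skipped entirely unless os_security_suid_sgid_enforce is
# truthy. The variable's default is not visible in this file; check it before
# assuming this control is active.
- name: Import suid_sgid tasks
  import_tasks: suid_sgid.yml
  when: os_security_suid_sgid_enforce | bool
  tags: suid_sgid

- name: Import sysctl tasks
  import_tasks: sysctl.yml
  tags: sysctl

- name: Import user_accounts tasks
  import_tasks: user_accounts.yml
  tags: user_accounts

- name: Import rhosts tasks
  import_tasks: rhosts.yml
  tags: rhosts

# Package-manager tasks are selected by platform. The yum check matches the
# whole RedHat family, while the apt check below matches only the two listed
# distributions.
- name: Import yum tasks
  import_tasks: yum.yml
  when: ansible_facts.os_family == 'RedHat'
  tags: yum

# NOTE(review): other Debian-family distributions are not in this list and
# skip apt.yml - confirm that this is intended.
- name: Import apt tasks
  import_tasks: apt.yml
  when: ansible_facts.distribution in ['Debian', 'Ubuntu']
  tags: apt

# Runs only where the gathered facts report SELinux status "enabled"; hosts
# reporting any other status get no SELinux change from this file.
# NOTE(review): the condition reads ansible_facts.selinux, so it depends on
# that fact being gathered for the play - confirm fact gathering is not
# restricted.
- name: Import selinux tasks
  import_tasks: selinux.yml
  when: ansible_facts.selinux.status == 'enabled'
  tags: selinux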