securiti

This commit is contained in:
Torma Kristóf 2023-07-25 16:07:49 +02:00
parent f23fa80a30
commit 42a6dc18e5
2 changed files with 20 additions and 61 deletions


@ -14,6 +14,22 @@
owner: ansible@intra.tormakris.dev owner: ansible@intra.tormakris.dev
group: ansible@intra.tormakris.dev group: ansible@intra.tormakris.dev
- name: Check if group is presend in sudoers
ansible.builtin.lineinfile:
state: absent
path: /etc/sudoers
regexp: "^%linuxadmins"
check_mode: true
changed_when: false
register: checksudoers
- name: Define group in sudoers
ansible.builtin.lineinfile:
state: present
path: /etc/sudoers
line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
when: checksudoers.found == 0
- name: "Update authorized_keys of tormakris" - name: "Update authorized_keys of tormakris"
ansible.posix.authorized_key: ansible.posix.authorized_key:
user: tormakris@intra.tormakris.dev user: tormakris@intra.tormakris.dev
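Review bot: The `Define group in sudoers` task writes `line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"` into /etc/sudoers with no `validate` step, so a malformed line would leave sudo unusable on the host; adding `validate: '/usr/sbin/visudo -cf %s'` to that lineinfile task (visudo path per distribution) makes the module reject a bad file before it is installed. The check/define pair can also collapse into one `lineinfile` task with `state: present`, `regexp: "^%linuxadmins"` and the same `line`, which is idempotent on its own and removes the `checksudoers` register and `when: checksudoers.found == 0`. The task name `Check if group is presend in sudoers` has a typo (`present`). A passwordless `ALL=(ALL)` grant to an entire directory group is broad enough to deserve a comment stating why NOPASSWD is needed here. The task list continues outside this hunk.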


@ -103,65 +103,8 @@
line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL" line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
when: checksudoers.found == 0 when: checksudoers.found == 0
- name: Remove misconfig from sshd - name: "Restart ssh"
ansible.builtin.lineinfile: ansible.builtin.service:
state: absent name: sshd
path: /etc/ssh/sshd_config state: restarted
line: "%linuxadmins@intra.tormakris.dev ALL=(ALL) NOPASSWD: ALL"
- name: Remove old AllowUsers
ansible.builtin.lineinfile:
state: absent
path: /etc/ssh/sshd_config
regexp: "^AllowUsers tormakris ansible service-user"
- name: Check if AllowUsers is defined
ansible.builtin.lineinfile:
state: absent
path: /etc/ssh/sshd_config
regexp: "intra.tormakris.dev"
check_mode: true
changed_when: false
register: checkallowusers
- name: Define AllowUsers if undefined
ansible.builtin.lineinfile:
state: present
path: /etc/ssh/sshd_config
line: "AllowUsers tormakris@intra.tormakris.dev ansible@intra.tormakris.dev service-user@intra.tormakris.dev"
when: checkallowusers.found == 0
- name: Create home for tormakris
ansible.builtin.command:
cmd: mkhomedir_helper tormakris@intra.tormakris.dev
- name: Create home for tormakris
ansible.builtin.command:
cmd: rm -rf /home/tormakris@intra.tormakris.dev/tormakris
- name: Copy tormakris home
ansible.builtin.copy:
src: /home/tormakris/
dest: /home/tormakris@intra.tormakris.dev/
remote_src: yes
owner: tormakris@intra.tormakris.dev
group: domain users@intra.tormakris.dev
- name: Create home for ansible
ansible.builtin.command:
cmd: mkhomedir_helper ansible@intra.tormakris.dev
- name: Copy ansible home
ansible.builtin.copy:
src: /home/ansible/
dest: /home/ansible@intra.tormakris.dev/
remote_src: yes
owner: tormakris@intra.tormakris.dev
group: domain users@intra.tormakris.dev
- name: "Update authorized_keys of tormakris"
ansible.posix.authorized_key:
user: tormakris@intra.tormakris.dev
state: present
key: https://static.tormakristof.eu/ssh.keys
... ...
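Review bot: The new `Restart ssh` task (`ansible.builtin.service` with `name: sshd`, `state: restarted`) runs unconditionally on every play, so each run drops active SSH sessions even when nothing changed; it should become a handler that the tasks editing /etc/ssh/sshd_config `notify`, or at least carry a `when` tied to a registered change. With the AllowUsers tasks removed in this hunk it is not visible from here whether any remaining task still modifies sshd_config — if none does, the restart is pure churn. Any task that does edit sshd_config should carry `validate: '/usr/sbin/sshd -t -f %s'` so a config error is caught before the restart can lock out remote access. The unit name `sshd` is distribution-specific (Debian-family hosts typically expose it as `ssh`), so confirm it matches the targets. The start of this task list is outside the hunk.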