Dirk
/
Ansible-Test
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Test Repo für Ansible Semaphore
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27 Commits
1 Branch
0 Tags
148 KiB
 
Tree: a80032cc5d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a80032cc5d'
${ noResults }
Ansible-Test/ansible-harden_ssh.yml

89 lines
2.4 KiB
Raw Blame History

---
- name: Harden SSH Service
hosts: all
become: true
tasks:
- name: Install updates
apt:
update_cache: yes
upgrade: dist
when: ansible_os_family == 'Debian'
- name: Backup current SSH config file
copy:
src: /etc/ssh/sshd_config
dest: /etc/ssh/sshd_config.backup
owner: root
group: root
mode: '0644'
remote_src: yes
- name: Disable root SSH login
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: 'PermitRootLogin no'
state: present
validate: '/usr/sbin/sshd -t -f %s'
# - name: Disable SSH password authentication
# lineinfile:
# path: /etc/ssh/sshd_config
# regexp: '^PasswordAuthentication'
# line: 'PasswordAuthentication no'
# state: present
# validate: '/usr/sbin/sshd -t -f %s'
#
- name: Disable empty passwords
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PermitEmptyPasswords'
line: 'PermitEmptyPasswords no'
state: present
validate: '/usr/sbin/sshd -t -f %s'
- name: Disable X11 forwarding
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^X11Forwarding'
line: 'X11Forwarding no'
state: present
validate: '/usr/sbin/sshd -t -f %s'
- name: Limit SSH protocol to 2
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^Protocol'
line: 'Protocol 2'
state: present
validate: '/usr/sbin/sshd -t -f %s'
- name: Set SSH LoginGraceTime to one minute
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^LoginGraceTime'
line: 'LoginGraceTime 1m'
state: present
validate: '/usr/sbin/sshd -t -f %s'
- name: Set maximum number of authentication attempts to 3
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^MaxAuthTries'
line: 'MaxAuthTries 9'
state: present
validate: '/usr/sbin/sshd -t -f %s'
# - name: Set maximum sessions per network connection to 2
# lineinfile:
# path: /etc/ssh/sshd_config
# regexp: '^MaxSessions'
# line: 'MaxSessions 2'
# state: present
# validate: '/usr/sbin/sshd -t -f %s'
#
- name: Restart SSH to apply changes
systemd:
name: ssh
state: restarted