shhd_config
authoralexandre.domont@auf.org <alexandre.domont@auf.org>
Mon, 23 Jun 2014 16:54:52 +0000 (18:54 +0200)
committeralexandre.domont@auf.org <alexandre.domont@auf.org>
Mon, 23 Jun 2014 16:54:52 +0000 (18:54 +0200)
paris/serveurs/hosts
paris/serveurs/roles/ssh-server/handlers/main.yml [new file with mode: 0644]
paris/serveurs/roles/ssh-server/tasks/main.yml [new file with mode: 0644]
paris/serveurs/roles/upgrade/tasks/main.yml [new file with mode: 0644]
paris/serveurs/ssh-server.yml [new file with mode: 0644]

index 1512ba1..d0bb76e 100644 (file)
@@ -1,5 +1,8 @@
 #localhost
 
+[LOCAL]
+localhost
+
 [HEB]
 vzauf5.refer.org
 vzauf11.refer.org
diff --git a/paris/serveurs/roles/ssh-server/handlers/main.yml b/paris/serveurs/roles/ssh-server/handlers/main.yml
new file mode 100644 (file)
index 0000000..afe337c
--- /dev/null
@@ -0,0 +1,3 @@
+ - name: Restart sshd
+   service: name=ssh state=restarted
+
diff --git a/paris/serveurs/roles/ssh-server/tasks/main.yml b/paris/serveurs/roles/ssh-server/tasks/main.yml
new file mode 100644 (file)
index 0000000..5279f80
--- /dev/null
@@ -0,0 +1,35 @@
+# Le CT template doit avoir au minimum le user alex avec la clés SSH
+# Paquets indispensables : Sudo, SSH et Python
+
+  - name: PasswordAuthentication
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication" line="PasswordAuthentication no" state=present
+    notify: 
+     - Restart sshd
+
+  - name: PermitRootLogin
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin" line="PermitRootLogin no" state=present 
+    notify: 
+     - Restart sshd
+
+  - name: X11Forwarding
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^X11Forwarding" line="X11Forwarding no" state=present
+    notify:
+     - Restart sshd
+
+  - name: ChallengeResponseAuthentication
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^ChallengeResponseAuthentication" line="ChallengeResponseAuthentication no" state=present
+    notify:
+     - Restart sshd
+
+  - name: UsePAM
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^UsePAM" line="UsePAM yes" state=present
+    notify:
+     - Restart sshd
+
+  - name: UseDNS
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^UseDNS" line="UseDNS no" state=present
+    notify:
+     - Restart sshd
+
+
+
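Review bot: None of the six `lineinfile` tasks validates the edited file before the `Restart sshd` handler runs, so a malformed `/etc/ssh/sshd_config` gets restarted into, and with password and root logins turned off by the same run there may be no other way back onto the host. Adding `validate="/usr/sbin/sshd -t -f %s"` to each task makes the module test the candidate file and refuse to install it when sshd rejects it. Separately, `regexp="^PasswordAuthentication"` and the other five patterns match only an uncommented directive; where the stock file carries the directive commented out, the line is appended at the end of the file, which would put it inside a trailing `Match` block if one exists, so `insertbefore` or a check for `Match` sections is worth adding. The precondition stated in the header comment (user alex with an SSH key) is not enforced by any task in this hunk.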
diff --git a/paris/serveurs/roles/upgrade/tasks/main.yml b/paris/serveurs/roles/upgrade/tasks/main.yml
new file mode 100644 (file)
index 0000000..82c71d5
--- /dev/null
@@ -0,0 +1,13 @@
+# Upgarde
+
+#  - name: update
+#    apt: update_cache=yes
+
+#  - name: shell
+#    shell: apt-get -u upgrade 
+
+#  - name: upgrade safe
+#    apt: upgrade=safe
+
+
+
diff --git a/paris/serveurs/ssh-server.yml b/paris/serveurs/ssh-server.yml
new file mode 100644 (file)
index 0000000..277ff3a
--- /dev/null
@@ -0,0 +1,11 @@
+# file: ssh-server.yml
+# ansible-playbook -i hosts ssh-server.yml -K
+- hosts: LOCAL
+  user: alex
+  sudo: yes
+#  vars_prompt:
+#    name: "what is your name?"
+
+  roles:
+   - ssh-server