Update linux/compliance.yaml

iRaven 2025-04-10 02:29:39 -05:00
parent dcf2589c11
commit 6511cddca7


@ -7,6 +7,12 @@
tasks: tasks:
# Gather system groups
- name: Gather all system groups
ansible.builtin.getent:
database: group
split: ':'
# Check for package managers # Check for package managers
- name: Check for APT installation - name: Check for APT installation
stat: stat:
@ -49,7 +55,7 @@
name: ansible name: ansible
groups: wheel groups: wheel
append: yes append: yes
when: "'wheel' in groups" when: wheel in ansible_facts.getent_group
# Ansible user SSH pub key # Ansible user SSH pub key
# This is a really stupid way to do it, but alas. # This is a really stupid way to do it, but alas.
@ -106,21 +112,21 @@
name: nhadmin name: nhadmin
groups: wheel groups: wheel
append: yes append: yes
when: "'wheel' in groups" when: wheel in ansible_facts.getent_group
- name: Add nhadmin to sudo group. - name: Add nhadmin to sudo group.
user: user:
name: nhadmin name: nhadmin
groups: sudo groups: sudo
append: yes append: yes
when: "'sudo' in groups" when: wheel in ansible_facts.getent_group
- name: Add nhadmin to systemd-journal group. - name: Add nhadmin to systemd-journal group.
user: user:
name: nhadmin name: nhadmin
groups: systemd-journal groups: systemd-journal
append: yes append: yes
when: "'systemd-journal' in groups" when: wheel in ansible_facts.getent_group
# Sysadmin user SSH pub key # Sysadmin user SSH pub key
@ -155,7 +161,7 @@
line: "PubkeyAuthentication yes" line: "PubkeyAuthentication yes"
- name: Restart SSH service. - name: Restart SSH service.
service: service:
name: ssh name: sshd
state: restarted state: restarted
# Delete our network ansible key from the root user. # Delete our network ansible key from the root user.
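Review bot: The new `when:` conditions on the three nhadmin group tasks (and on the ansible-user wheel task above them) test a bare `wheel`, which Jinja evaluates as a variable rather than the group name, and the sudo and systemd-journal tasks test for wheel instead of their own group. As written, the privileged-group assignments would most likely fail on an undefined variable, and even with the quoting fixed, a host that has wheel but no sudo group would run the sudo task against a group that does not exist. Each condition should quote its own group: `when: "'wheel' in ansible_facts.getent_group"`, `when: "'sudo' in ansible_facts.getent_group"`, `when: "'systemd-journal' in ansible_facts.getent_group"`. Separately, the restart task now hard-codes `sshd`; since the play also checks for APT, it is worth confirming that unit name resolves on Debian-family hosts, where the service is normally `ssh`.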