23 lines
521 B
YAML
23 lines
521 B
YAML
- name: Allow 'sudo' group to have passwordless sudo
|
|
lineinfile:
|
|
dest: /etc/sudoers
|
|
state: present
|
|
regexp: '^%sudo'
|
|
line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
|
|
validate: visudo -cf %s
|
|
|
|
- name: root login is disabled
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
state: present
|
|
line: 'PermitRootLogin no'
|
|
notify: restart sshd
|
|
|
|
- name: SSH Password auth is disabled
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
state: present
|
|
line: 'PasswordAuthentication no'
|
|
notify: restart sshd
|
|
|