35 lines
1 KiB
YAML
35 lines
1 KiB
YAML
|
---
|
||
|
|
- name: wrapper playbook for kitchen testing "ansible-ssh-hardening" with custom settings
|
||
|
|
hosts: localhost
|
||
|
|
pre_tasks:
|
||
|
|
- package: name="{{item}}" state=installed
|
||
|
|
with_items:
|
||
|
|
- "openssh-clients"
|
||
|
|
- "openssh-server"
|
||
|
|
ignore_errors: true
|
||
|
|
- apt: name="{{item}}" state=installed update_cache=true
|
||
|
|
with_items:
|
||
|
|
- "openssh-client"
|
||
|
|
- "openssh-server"
|
||
|
|
ignore_errors: true
|
||
|
|
- file: path="/var/run/sshd" state=directory
|
||
|
|
roles:
|
||
|
|
- ansible-ssh-hardening
|
||
|
|
vars:
|
||
|
|
network_ipv6_enable: true
|
||
|
|
ssh_allow_root_with_key: true
|
||
|
|
ssh_client_password_login: true
|
||
|
|
ssh_client_cbc_required: true
|
||
|
|
ssh_server_weak_hmac: true
|
||
|
|
ssh_client_weak_kex: true
|
||
|
|
ssh_remote_hosts:
|
||
|
|
- names: ['example.com', 'example2.com']
|
||
|
|
options: ['Port 2222', 'ForwardAgent yes']
|
||
|
|
- names: ['example3.com']
|
||
|
|
options: ['StrictHostKeyChecking no']
|
||
|
|
|
||
|
|
- name: wrapper playbook for kitchen testing "ansible-ssh-hardening" with default settings
|
||
|
|
hosts: localhost
|
||
|
|
roles:
|
||
|
|
- ansible-ssh-hardening
|