- line: 'SHA_CRYPT_MIN_ROUNDS 5000'
+ line: 'SHA_CRYPT_MIN_ROUNDS 10000'
+
+- name: "Set maximum number of password hash rounds"
+ lineinfile:
+ path: /etc/login.defs
+ regexp: '^SHA_CRYPT_MAX_ROUNDS[\s]*[0-9]*$'
+ line: 'SHA_CRYPT_MAX_ROUNDS 10000'
- { name: 'net.ipv6.conf.all.accept_ra', value: 0 }
- { name: 'net.ipv6.conf.default.accept_ra', value: 0 }
- { name: 'net.ipv6.conf.all.accept_redirects', value: 0 }
- { name: 'net.ipv6.conf.default.accept_redirects', value: 0 }
- { name: 'net.ipv6.conf.all.accept_ra', value: 0 }
- { name: 'net.ipv6.conf.default.accept_ra', value: 0 }
- { name: 'net.ipv6.conf.all.accept_redirects', value: 0 }
- { name: 'net.ipv6.conf.default.accept_redirects', value: 0 }
- { name: 'kernel.randomize_va_space', value: 2 }
- { name: 'kernel.core_pattern', value: '/var/core/core'}
- { name: 'kernel.kptr_restrict', value: 2 }
- { name: 'kernel.randomize_va_space', value: 2 }
- { name: 'kernel.core_pattern', value: '/var/core/core'}
- { name: 'kernel.kptr_restrict', value: 2 }
+# Confingure kernel dump
+- name: "Disable kernel dump service"
+ shell: systemctl stop kdump.service
+
+- name: "Disable kernel dump service"
+ shell: systemctl disable kdump.service
+