Previous change introduced the ssh playbook to the world of
mismatched quotes. Bad idea, fixed.
Also cleaned up a few more suspect things yamllint turned up.
signed-off-by: dave kormann <davek@research.att.com>
Change-Id: Ib8364126521434cfc0c44f193356147481d6e3f5
#
# tighten USB permissions
#
# tighten USB permissions
- name: Set USBGuard RestoreControllerDeviceState to false
lineinfile:
path: /etc/usbguard/usbguard-daemon.conf
- name: Set USBGuard RestoreControllerDeviceState to false
lineinfile:
path: /etc/usbguard/usbguard-daemon.conf
- Name: Ban suspect USB devices
blockinfile:
- Name: Ban suspect USB devices
blockinfile:
- # this isn't the optimal way to do this, i know, but i don't
+ # this isn't the optimal way to do this, i know, but i don't
# want to create a whole new template tree just to add this.
# want to create a whole new template tree just to add this.
- path: /etc/usbguard/rules.conf
+ path: /etc/usbguard/rules.conf
create: yes
owner: root
group: root
create: yes
owner: root
group: root
# enabled:
# xHCI controller/hub
allow with-interface equals { 09:00:00 }
# enabled:
# xHCI controller/hub
allow with-interface equals { 09:00:00 }
- # mass media — sites may want to consider restricting
+ # mass media — sites may want to consider restricting
# this to 08:06:50 to just get the virtual CDROM and ban
# this to 08:06:50 to just get the virtual CDROM and ban
allow with-interface equals { 08:*:* }
# ethernet
allow with-interface equals { 02:02:ff }
allow with-interface equals { 08:*:* }
# ethernet
allow with-interface equals { 02:02:ff }
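Review bot: The task key `Name:` on the "Ban suspect USB devices" task is still capitalised on the new side; Ansible task keywords are case-sensitive, so this is likely to be rejected or read as a module name, and the USBGuard rule block would then never be written. yamllint does not check Ansible keywords, so it would not have flagged this; change the line to `- name: Ban suspect USB devices`. Separately, the visible `blockinfile` arguments set `owner` and `group` but no `mode`; if it is not set on lines outside this view, add `mode: "0600"`, because with `create: yes` the file otherwise gets umask-derived permissions and recent USBGuard releases check the permissions of the rules file. The task body continues outside the lines shown.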
- name: "Limit interactive session count to 2"
ssh_conf:
- name: "Limit interactive session count to 2"
ssh_conf:
- regexp: '[\s]*MaxSessions"
+ regexp: '[\s]*MaxSessions'
values: "MaxSessions 2\n"
- name: Banner creation
values: "MaxSessions 2\n"
- name: Banner creation
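Review bot: The corrected pattern `'[\s]*MaxSessions'` has no `^` anchor, so the leading `[\s]*` has no effect and, depending on how the project's `ssh_conf` module applies it (not visible here), it may also match a commented `#MaxSessions` line or a line inside a `Match` block; consider `regexp: '^\s*MaxSessions\s'`. Note also that sshd's `MaxSessions` caps sessions per network connection, not logins per user, so the task name "Limit interactive session count to 2" overstates the control. A comment such as `# MaxSessions is per connection; per-user login limits need pam_limits maxlogins` above the task would make the scope clear.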
name: sshd
state: restarted
name: sshd
state: restarted
-- name : create a banner file
+- name: create a banner file
lineinfile:
path: /etc/banner
create: yes
lineinfile:
path: /etc/banner
create: yes