REC-417 Disable root login by changing root shell
diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml
index d56e893..71218a0 100644
(file)
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -156,6 +156,16 @@
- name: "Direct root Logins Not Allowed"
shell: echo > /etc/securetty
+- name: Change 'root' shell to nologin
+ user:
+ name: root
+ shell: /sbin/nologin
+
+- name: Lock 'root' password
+ user:
+ name: root
+ password: '!!'
+
#
# Configure IPv6
#
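Review bot: In the "Lock 'root' password" task, `password: '!!'` overwrites root's shadow entry with a literal string instead of locking it, so any existing hash is discarded and Ansible will typically warn that the value does not look like a hashed password; `password_lock: true` on the same `user` task locks the account while keeping the hash. In the task above it, `/sbin/nologin` is the RHEL-family path, and the role's target distributions are not visible in this hunk, so the path may need to come from a variable or fact. Neither task covers key-based SSH as root: a nologin shell blocks sessions and commands but not necessarily port forwarding, so this should be paired with `PermitRootLogin no` in sshd_config unless the role already sets it elsewhere. A comment on these tasks should also record that rescue/single-user login and `become_method: su` depend on root's shell and password, so operators know a separate recovery path is required.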