X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Finfra-ansible.git;a=blobdiff_plain;f=roles%2Fops-hardening%2Ftasks%2Fmain.yaml;fp=roles%2Fops-hardening%2Ftasks%2Fmain.yaml;h=1ce68f25c0bd855307545a1d126b77831e4655e0;hp=24e52c1cc0dacded00583e3bc6bb6dd62ad2021a;hb=3711c3e8a073609f097d3346acb8add006a6dabc;hpb=c4369e76d0ea181f6e8e637f3704cb7356a9e104

diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml
index 24e52c1..1ce68f2 100644
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -78,6 +78,12 @@
     regexp: '^SHA_CRYPT_MIN_ROUNDS[\s]*[0-9]*$'
     line: 'SHA_CRYPT_MIN_ROUNDS   5000'
 
+- name: "Set maximum number of password hash rounds"
+  lineinfile:
+    path: /etc/login.defs
+    regexp: '^SHA_CRYPT_MAX_ROUNDS[\s]*[0-9]*$'
+    line: 'SHA_CRYPT_MAX_ROUNDS   10000'
+
 #
 # Linux Failed password attempts
 #
@@ -312,6 +318,8 @@
     - { name: 'kernel.randomize_va_space', value: 2 }
     - { name: 'kernel.core_pattern', value: '/var/core/core'}
     - { name: 'kernel.kptr_restrict', value: 2 }
+    - { name: 'kernel.sysrq', value: 0 }
+    - { name: 'kernel.yama.ptrace_scope', value: 3 }
 
 #
 # Configure core dump