Name: infra-ansible
Version: %{_version}
-Release: 9%{?dist}
+Release: 10%{?dist}
Summary: Contains ansible playbook and roles for Akraino rec blueprint
License: %{_platform_licence}
Source0: %{name}-%{version}.tar.gz
regexp: '^SHA_CRYPT_MIN_ROUNDS[\s]*[0-9]*$'
line: 'SHA_CRYPT_MIN_ROUNDS 5000'
+- name: "Set maximum number of password hash rounds"
+ lineinfile:
+ path: /etc/login.defs
+ regexp: '^SHA_CRYPT_MAX_ROUNDS[\s]*[0-9]*$'
+ line: 'SHA_CRYPT_MAX_ROUNDS 10000'
+
#
# Linux Failed password attempts
#
- { name: 'kernel.randomize_va_space', value: 2 }
- { name: 'kernel.core_pattern', value: '/var/core/core'}
- { name: 'kernel.kptr_restrict', value: 2 }
+ - { name: 'kernel.sysrq', value: 0 }
+ - { name: 'kernel.yama.ptrace_scope', value: 3 }
#
# Configure core dump
mkdir -p "$evac_dir"
fi
+# mirror the permissions of the existing directory
+oPerm=`stat -c '%a' ${evac_dir}`
+'
if [ ! -b $mount_vol_dev ];then
echo "Provided volume $mount_vol_dev is not a block device!!"
exit 1
mount $evac_dir
chown ${owner}:${group} ${evac_dir}
+chmod ${oPerm} ${evac_dir}
cp -rpf $tmp_dir/* ${evac_dir}/
rm -rf $tmp_dir
insertafter: '^[\s]*ListenAddress 0.0.0.0'
line: 'ListenAddress ::'
+- name: Enable verbose logging for SSH daemon
+ ssh_conf:
+ regexp: '[\s]*LogLevel"
+ values: "LogLevel VERBOSE"
+
- name: "Disable Kerberos Authentication"
ssh_conf:
regexp: '[\s]*KerberosAuthentication'