Code Review
/
ta
/
infra-ansible.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
review
|
tree
raw
|
patch
| inline |
side by side
(parent:
46035b4
)
REC-417 Disable root login by changing root shell
63/1663/1
author
ferenc.argay
<ferenc.argay@nokia.com>
Fri, 27 Sep 2019 12:53:54 +0000
(14:53 +0200)
committer
ferenc.argay
<ferenc.argay@nokia.com>
Fri, 27 Sep 2019 12:55:45 +0000
(14:55 +0200)
Change-Id: I6ebfa359694b2ec5c3162fd85a7d7a960a79c248
roles/ops-hardening/tasks/main.yaml
patch
|
blob
|
history
diff --git
a/roles/ops-hardening/tasks/main.yaml
b/roles/ops-hardening/tasks/main.yaml
index
d56e893
..
71218a0
100644
(file)
--- a/
roles/ops-hardening/tasks/main.yaml
+++ b/
roles/ops-hardening/tasks/main.yaml
@@
-156,6
+156,16
@@
- name: "Direct root Logins Not Allowed"
shell: echo > /etc/securetty
+- name: Change 'root' shell to nologin
+ user:
+ name: root
+ shell: /sbin/nologin
+
+- name: Lock 'root' password
+ user:
+ name: root
+ password: '!!'
+
#
# Configure IPv6
#