Code Review
/
ta
/
infra-ansible.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
review
|
tree
raw
(from parent 1:
d7b7726
)
Merge "REC-417 Disable root login by changing root shell"
author
Levente Kálé
<levente.kale@nokia.com>
Fri, 27 Sep 2019 13:12:43 +0000
(13:12 +0000)
committer
Gerrit Code Review
<gerrit@akraino.org>
Fri, 27 Sep 2019 13:12:43 +0000
(13:12 +0000)
roles/ops-hardening/tasks/main.yaml
patch
|
blob
|
history
diff --git
a/roles/ops-hardening/tasks/main.yaml
b/roles/ops-hardening/tasks/main.yaml
index
d56e893
..
71218a0
100644
(file)
--- a/
roles/ops-hardening/tasks/main.yaml
+++ b/
roles/ops-hardening/tasks/main.yaml
@@
-156,6
+156,16
@@
- name: "Direct root Logins Not Allowed"
shell: echo > /etc/securetty
+- name: Change 'root' shell to nologin
+ user:
+ name: root
+ shell: /sbin/nologin
+
+- name: Lock 'root' password
+ user:
+ name: root
+ password: '!!'
+
#
# Configure IPv6
#