Merge "REC-417 Disable root login by changing root shell"

author Levente Kálé <levente.kale@nokia.com>

Fri, 27 Sep 2019 13:12:43 +0000 (13:12 +0000)

committer Gerrit Code Review <gerrit@akraino.org>

Fri, 27 Sep 2019 13:12:43 +0000 (13:12 +0000)
author Levente Kálé <levente.kale@nokia.com>
Fri, 27 Sep 2019 13:12:43 +0000 (13:12 +0000)
committer Gerrit Code Review <gerrit@akraino.org>
Fri, 27 Sep 2019 13:12:43 +0000 (13:12 +0000)
diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml

index d56e893..71218a0 100644 (file)
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -156,6 +156,16 @@
  - name: "Direct root Logins Not Allowed"
    shell: echo > /etc/securetty
  
+- name: Change 'root' shell to nologin
+  user:
+    name: root
+    shell: /sbin/nologin
+
+- name: Lock 'root' password
+  user:
+    name: root
+    password: '!!'
+
  #
  # Configure IPv6
  #
author	Levente Kálé <levente.kale@nokia.com>
	Fri, 27 Sep 2019 13:12:43 +0000 (13:12 +0000)
committer	Gerrit Code Review <gerrit@akraino.org>
	Fri, 27 Sep 2019 13:12:43 +0000 (13:12 +0000)