From: ferenc.argay <ferenc.argay@nokia.com>
Date: Fri, 27 Sep 2019 12:53:54 +0000 (+0200)
Subject: REC-417 Disable root login by changing root shell
X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Finfra-ansible.git;a=commitdiff_plain;h=9476b9bf21842abc1b805eb86276eada59f8c05c

REC-417 Disable root login by changing root shell

Change-Id: I6ebfa359694b2ec5c3162fd85a7d7a960a79c248
---

diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml
index d56e893..71218a0 100644
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -156,6 +156,16 @@
 - name: "Direct root Logins Not Allowed"
   shell: echo > /etc/securetty
 
+- name: Change 'root' shell to nologin
+  user:
+    name: root
+    shell: /sbin/nologin
+
+- name: Lock 'root' password
+  user:
+    name: root
+    password: '!!'
+
 #
 # Configure IPv6
 #