From: Levente Kálé <levente.kale@nokia.com>
Date: Fri, 27 Sep 2019 13:12:43 +0000 (+0000)
Subject: Merge "REC-417 Disable root login by changing root shell"
X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Finfra-ansible.git;a=commitdiff_plain;h=e046fa809793e964da3a9ab5c02557e7d77edb5b;hp=d7b7726ee314b105537a07118b417e549f6c6fd2

Merge "REC-417 Disable root login by changing root shell"
---

diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml
index d56e893..71218a0 100644
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -156,6 +156,16 @@
 - name: "Direct root Logins Not Allowed"
   shell: echo > /etc/securetty
 
+- name: Change 'root' shell to nologin
+  user:
+    name: root
+    shell: /sbin/nologin
+
+- name: Lock 'root' password
+  user:
+    name: root
+    password: '!!'
+
 #
 # Configure IPv6
 #