From 8c21e1d365ffe5431a74bdcb500d51a26e4a9b39 Mon Sep 17 00:00:00 2001 From: Bryan Joshua Pedini Date: Sat, 3 Dec 2022 15:16:11 +0100 Subject: [PATCH] moved sshbanner to general, added to rhel environments --- sshbanner-bjphoster.yml | 5 ++++- tasks/{debian-general => general}/sshbanner-bjphoster.yml | 0 tasks/rhel-general/restart-ssh-service.yml | 5 +++++ tasks/rhel-general/sshbanner.yml | 7 +++++++ 4 files changed, 16 insertions(+), 1 deletion(-) rename tasks/{debian-general => general}/sshbanner-bjphoster.yml (100%) create mode 100644 tasks/rhel-general/restart-ssh-service.yml create mode 100644 tasks/rhel-general/sshbanner.yml diff --git a/sshbanner-bjphoster.yml b/sshbanner-bjphoster.yml index ddc180c..37ab4a0 100644 --- a/sshbanner-bjphoster.yml +++ b/sshbanner-bjphoster.yml @@ -2,5 +2,8 @@ - hosts: all become: true tasks: - - import_tasks: tasks/debian-general/sshbanner-bjphoster.yml + - import_tasks: tasks/general/sshbanner-bjphoster.yml - import_tasks: tasks/debian-general/sshbanner.yml + when: ansible_facts["os_family"] == "Debian" + - import_tasks: tasks/rhel-general/sshbanner.yml + when: ansible_facts["os_family"] == "RedHat" diff --git a/tasks/debian-general/sshbanner-bjphoster.yml b/tasks/general/sshbanner-bjphoster.yml similarity index 100% rename from tasks/debian-general/sshbanner-bjphoster.yml rename to tasks/general/sshbanner-bjphoster.yml diff --git a/tasks/rhel-general/restart-ssh-service.yml b/tasks/rhel-general/restart-ssh-service.yml new file mode 100644 index 0000000..e814d68 --- /dev/null +++ b/tasks/rhel-general/restart-ssh-service.yml @@ -0,0 +1,5 @@ +--- +- name: Restart SSH service to apply new rules + ansible.builtin.systemd: + name: sshd + state: restarted diff --git a/tasks/rhel-general/sshbanner.yml b/tasks/rhel-general/sshbanner.yml new file mode 100644 index 0000000..b335671 --- /dev/null +++ b/tasks/rhel-general/sshbanner.yml @@ -0,0 +1,7 @@ +--- +- name: Ensure SSH banner is uncommented and right path in /etc/ssh/sshd_config + ansible.builtin.lineinfile: + line: "Banner /etc/banner" + path: /etc/ssh/sshd_config + regexp: '^#\s*Banner.*$' +- import_tasks: restart-ssh-service.yml