diff --git a/sshbanner-bjphoster.yml b/sshbanner-bjphoster.yml
new file mode 100644
index 0000000..ddc180c
--- /dev/null
+++ b/sshbanner-bjphoster.yml
@@ -0,0 +1,6 @@
+---
+- hosts: all
+ become: true
+ tasks:
+ - import_tasks: tasks/debian-general/sshbanner-bjphoster.yml
+ - import_tasks: tasks/debian-general/sshbanner.yml
diff --git a/tasks/debian-general/restart-ssh-service.yml b/tasks/debian-general/restart-ssh-service.yml
new file mode 100644
index 0000000..6b0a1bb
--- /dev/null
+++ b/tasks/debian-general/restart-ssh-service.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart SSH service to apply new rules
+ ansible.builtin.systemd:
+ name: ssh
+ state: restarted
diff --git a/tasks/debian-general/sshbanner-bjphoster.yml b/tasks/debian-general/sshbanner-bjphoster.yml
new file mode 100644
index 0000000..04a8d3f
--- /dev/null
+++ b/tasks/debian-general/sshbanner-bjphoster.yml
@@ -0,0 +1,19 @@
+---
+- name: Ensure /etc/banner is populated with BJPHoster Network
+ ansible.builtin.copy:
+ dest: /etc/banner
+ content: |
+ |--------------------------------------|
+ | This is a private system managed |
+ | by the BJPHoster Private Network. |
+ | |
+ | Unless otherwise authorized you are |
+ | to leave this virtual premise |
+ | immediately, otherwise this will be |
+ | considered a security breach attempt |
+ | and will be reported to the |
+ | competent authorities and persecuted |
+ | to the extent permitted by the |
+ | applicable law of the country where |
+ | these systems reside. |
+ |--------------------------------------|
diff --git a/tasks/debian-general/sshbanner.yml b/tasks/debian-general/sshbanner.yml
new file mode 100644
index 0000000..b335671
--- /dev/null
+++ b/tasks/debian-general/sshbanner.yml
@@ -0,0 +1,7 @@
+---
+- name: Ensure SSH banner is uncommented and right path in /etc/ssh/sshd_config
+ ansible.builtin.lineinfile:
+ line: "Banner /etc/banner"
+ path: /etc/ssh/sshd_config
+ regexp: '^#\s*Banner.*$'
+- import_tasks: restart-ssh-service.yml
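Review bot: `hosts: all` in sshbanner-bjphoster.yml runs Debian-specific tasks against every inventory host: both imports come from `tasks/debian-general/`, and the restart task they pull in addresses the unit as `ssh`, which is the Debian name. If the inventory contains non-Debian hosts (not visible from this diff), the play would edit sshd_config there and then fail at the restart. Target a Debian group instead, or guard the imports with `when: ansible_facts['os_family'] == 'Debian'`.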
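Review bot: The restart in restart-ssh-service.yml runs on every play, whether or not sshd_config changed, because it is imported as an ordinary task and `state: restarted` always acts. An unconditional restart is also the step that turns a bad config edit into a host that no longer accepts SSH logins. Make it a handler notified by the config task, or register the `lineinfile` result and add `when: sshd_banner is changed` here; for a `Banner` change `state: reloaded` should be enough.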
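Review bot: The `copy` task in tasks/debian-general/sshbanner-bjphoster.yml sets no `owner`, `group` or `mode`, so the permissions of /etc/banner depend on the umask in effect on each host. Pin them with `owner: root`, `group: root` and `mode: "0644"` so the file is readable for sshd and writable only by root. The banner text also says "persecuted" where "prosecuted" is presumably meant, which is worth fixing in a legal notice.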
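Review bot: The `regexp` `'^#\s*Banner.*$'` in tasks/debian-general/sshbanner.yml matches only a commented-out directive, so on a host whose sshd_config already has an active `Banner` line nothing is replaced and `Banner /etc/banner` is appended at the end of the file. sshd keeps the first value it reads for a keyword, and a line appended after a `Match` block belongs to that block, so the new banner can be ignored or apply only to some connections. Use `regexp: '^#?\s*Banner\s'` so an existing active line is rewritten in place. Adding `validate: '/usr/sbin/sshd -t -f %s'` would also keep a broken file from being written before the restart that follows.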