Skip to content

Commit

Permalink
fix: become true
Browse files Browse the repository at this point in the history
  • Loading branch information
@dgibbs64
dgibbs64 committed May 12, 2024
1 parent 7c6156c commit c6d56bd
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions tasks/root_user.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,15 @@
when: first_contact_root_password_update and first_contact_root_password is none or (first_contact_root_password | default('')) == ''

- name: "Ensure correct first_contact_root_password is set: root"
become: true
ansible.builtin.user:
name: "root"
password: "{{ first_contact_root_password | password_hash('sha512') }}"
update_password: "always"
when: first_contact_root_password_update

- name: "Ensure SSH is disabled for root"
become: true
ansible.builtin.lineinfile:
path: "/etc/ssh/sshd_config"
regexp: "^PermitRootLogin"
Expand All @@ -21,20 +23,23 @@
when: first_contact_root_ssh_disable

- name: "Ensure root user login is disabled"
become: true
ansible.builtin.user:
name: "root"
shell: "/sbin/nologin"
state: present
when: first_contact_root_login_disable is true

- name: "Ensure root user login is enabled"
become: true
ansible.builtin.user:
name: "root"
shell: "/bin/bash"
state: present
when: first_contact_root_login_disable is false

- name: "Restart SSH service"
become: true
ansible.builtin.service:
name: sshd
state: restarted
Expand Down

0 comments on commit c6d56bd

Please sign in to comment.