majic-ansible-roles Changeset

Changeset - 9eca957bb9db

Parent rev.

Child rev.

[Not reviewed]

0 2 0

Branko Majic (branko) - 10 years ago 2015-03-08 11:20:24
branko@majic.rs

MAR-1: Configure private key directory permissions.

2 files changed with 8 insertions and 1 deletions:

docs/rolereference.rst

roles/common/tasks/main.yml

0 comments (0 inline, 0 general) First comment

docs/rolereference.rst

➞

Show inline comments

@@ @@ -196,6 +196,10 @@ The role implements the following: @@
 * Creates additional operating system users, as configured.
 * Hardens the SSH server by disabling remote ``root`` logins and password-based
   authentication.
 * Allows traversing of directory ``/etc/ssl/private/`` to everyone. This lets
   you put TLS private keys in central location where any operating system user
   can reach them provided they have appropriate read/write rights on the file
   itself, and provided they know the exact path of the file.
 Parameters

roles/common/tasks/main.yml

➞

Show inline comments

@@ @@ -45,4 +45,7 @@ @@
 - name: Disable remote login authentication via password
   lineinfile: dest="/etc/ssh/sshd_config" state=present regexp="^PasswordAuthentication" line="PasswordAuthentication no"
   notify:
     - Restart SSH
@@ \ No newline at end of file @@
     - Restart SSH
 - name: Allow users to traverse directories to TLS private key files
   file: path=/etc/ssl/private/ mode=o+x
@@ \ No newline at end of file @@

0 comments (0 inline, 0 general) First comment