evolinux: groups for SSH configuration are used with Debian 10 and later
parent
e79640d770
commit
8384e8ba43
|
@ -13,6 +13,7 @@ The **patch** part changes incrementally at each release.
|
|||
### Added
|
||||
|
||||
### Changed
|
||||
* evolinux: groups for SSH configuration are used with Debian 10 and later
|
||||
* evolinux-base: fail2ban is not enabled by default
|
||||
* evolinux-users: refactoring of the SSH configuration
|
||||
* mysql-oracle: copy evolinux config files in mysql.cond.d
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
# We want to allow any user from a list of IP addresses to login with password,
|
||||
# but users of the "evolix" group can't login with password from other IP addresses
|
||||
|
||||
- name: Security directives for Evolinux (Debian 9 or later)"
|
||||
- name: Security directives for Evolinux (Debian 10 or later)"
|
||||
blockinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
block: |
|
||||
|
@ -27,9 +27,9 @@
|
|||
notify: reload sshd
|
||||
when:
|
||||
- evolinux_ssh_password_auth_addresses != []
|
||||
- ansible_distribution_major_version | version_compare('9', '>=')
|
||||
- ansible_distribution_major_version | version_compare('10', '>=')
|
||||
|
||||
- name: Security directives for Evolinux (Jessie)
|
||||
- name: Security directives for Evolinux (Jessie/Stretch)
|
||||
blockinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
block: |
|
||||
|
@ -41,7 +41,7 @@
|
|||
notify: reload sshd
|
||||
when:
|
||||
- evolinux_ssh_password_auth_addresses != []
|
||||
- ansible_distribution_release == "jessie"
|
||||
- ansible_distribution_major_version | version_compare('10', '<')
|
||||
|
||||
# We disable AcceptEnv because it can be a security issue, but also because we
|
||||
# do not want clients to push their environment variables like LANG.
|
||||
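Review bot: The new fallback condition `ansible_distribution_major_version | version_compare('10', '<')` matches every release below 10, while the task is named "Jessie/Stretch" and the condition it replaces matched only `jessie`. If releases older than Jessie are not meant to receive this sshd_config block, add a lower bound such as `- ansible_distribution_major_version | version_compare('8', '>=')`; otherwise state the intent in a comment above the task. Stretch hosts already configured by the former "Debian 9 or later" task now fall into this branch, and whether their old block is replaced or left beside the new one depends on the `blockinfile` marker, which is outside these hunks; confirm it, because two overlapping blocks would make the effective password-authentication policy hard to audit. The unquoted name `Security directives for Evolinux (Debian 10 or later)"` also keeps a stray trailing `"` that becomes part of the task name.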
|
|
|
@ -43,18 +43,18 @@
|
|||
|
||||
# Unix groups
|
||||
|
||||
- name: "Unix group '{{ evolinux_ssh_group }}' is present (Debian 9 or later)"
|
||||
- name: "Unix group '{{ evolinux_ssh_group }}' is present (Debian 10 or later)"
|
||||
group:
|
||||
name: "{{ evolinux_ssh_group }}"
|
||||
state: present
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
when: ansible_distribution_major_version | version_compare('10', '>=')
|
||||
|
||||
- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_ssh_group }}' (Debian 9 or later)"
|
||||
- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_ssh_group }}' (Debian 10 or later)"
|
||||
user:
|
||||
name: '{{ user.name }}'
|
||||
groups: "{{ evolinux_ssh_group }}"
|
||||
append: yes
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
when: ansible_distribution_major_version | version_compare('10', '>=')
|
||||
|
||||
- name: "Secondary Unix groups are present"
|
||||
group:
|
||||
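Review bot: Gating both tasks on `version_compare('10', '>=')` stops creating the group and adding users on Stretch, but nothing in this hunk handles Stretch hosts already provisioned under the old `>= 9` rule: the group and existing memberships remain, and users created from now on are not added. If sshd_config on those hosts still restricts logins by `{{ evolinux_ssh_group }}` (not visible in this diff), new accounts would be refused over SSH while older ones still work; a comment above `# Unix groups` stating the expected state on Stretch, or a cleanup task, would make that explicit. Separately, `version_compare` applied as a filter is the deprecated form (the test was renamed `version` and filter-style tests were deprecated in Ansible 2.5), so if the supported Ansible version allows it, prefer `when: ansible_distribution_major_version is version('10', '>=')`. The same applies to the `when` lines in the SSH tasks file earlier in this commit.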
|
|