Ansible lineinfile: group wheel is in / not in the sudoers configuration

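---
# Play run against the local machine; each task pins (or removes) one line in
# a system configuration file with lineinfile.
- hosts: localhost
  tasks:
  # Unnamed task: it is reported as "TASK [lineinfile]" in the run output.
  - lineinfile:
      path: /etc/selinux/config
      regexp: '^SELINUX='
      line: 'SELINUX=enforcing'
  # NOTE(review): the task name says 8080 but the line written is "Listen 80";
  # confirm which port is intended and make the name and the line agree.
  - name: Ensure the default Apache port is 8080
    lineinfile:
      path: /etc/httpd/conf/httpd.conf
      regexp: '^Listen '
      insertafter: '^#Listen '
      line: 'Listen 80'
  # PasswordAuthentication is an sshd directive, so it is written to
  # sshd_config rather than /etc/sudoers, where it would be a syntax error and
  # would leave SSH password logins enabled. validate has sshd parse the
  # candidate file before it replaces the live one. sshd still has to be
  # reloaded for the setting to take effect.
  - name: disable passwd auth for ssh
    lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '^PasswordAuthentication '
      insertafter: '^#PasswordAuthentication '
      line: 'PasswordAuthentication no'
      validate: '/usr/sbin/sshd -t -f %s'
  # state: absent deletes every line that matches the regexp. visudo checks
  # the result first so a broken sudoers file is never installed.
  # NOTE(review): if an earlier run already wrote a PasswordAuthentication line
  # into /etc/sudoers, the visudo check fails until that line is removed.
  - name: Make sure group wheel is not in the sudoers configuration
    lineinfile:
      path: /etc/sudoers
      state: absent
      regexp: '^%wheel'
      validate: '/usr/sbin/visudo -cf %s'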
[root@localhost ~]# ansible-playbook hosts.yml

PLAY [localhost] ***************************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

TASK [lineinfile] **************************************************************
ok: [localhost]

TASK [Ensure the default Apache port is 8080] **********************************
ok: [localhost]

TASK [disable passwd auth for ssh] *********************************************
ok: [localhost]

TASK [Make sure group wheel is not in the sudoers configuration] ***************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=5    changed=1    unreachable=0    failed=0 

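[root@localhost ~]# cat /etc/sudoers | grep Wheel
(grep is case-sensitive: "Wheel" never matches "%wheel", so the empty output here does not by itself confirm the removal; grep -i wheel or grep '^%wheel' does.)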

[root@localhost ~]# cat hosts.yml
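---
# Play run against the local machine; each task pins one line in a system
# configuration file with lineinfile.
- hosts: localhost
  tasks:
  # Unnamed task: it is reported as "TASK [lineinfile]" in the run output.
  - lineinfile:
      path: /etc/selinux/config
      regexp: '^SELINUX='
      line: 'SELINUX=enforcing'
  # NOTE(review): the task name says 8080 but the line written is "Listen 80";
  # confirm which port is intended and make the name and the line agree.
  - name: Ensure the default Apache port is 8080
    lineinfile:
      path: /etc/httpd/conf/httpd.conf
      regexp: '^Listen '
      insertafter: '^#Listen '
      line: 'Listen 80'
  # PasswordAuthentication is an sshd directive, so it is written to
  # sshd_config rather than /etc/sudoers, where it would be a syntax error and
  # would leave SSH password logins enabled. validate has sshd parse the
  # candidate file before it replaces the live one. sshd still has to be
  # reloaded for the setting to take effect.
  - name: disable passwd auth for ssh
    lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '^PasswordAuthentication '
      insertafter: '^#PasswordAuthentication '
      line: 'PasswordAuthentication no'
      validate: '/usr/sbin/sshd -t -f %s'
  # Replaces the last line matching the regexp, or appends the line when
  # nothing matches. visudo checks the result first so a broken sudoers file
  # is never installed.
  # NOTE(review): NOPASSWD gives every member of wheel root without
  # re-authentication; '%wheel ALL=(ALL) ALL' keeps the password prompt.
  # NOTE(review): if an earlier run already wrote a PasswordAuthentication line
  # into /etc/sudoers, the visudo check fails until that line is removed.
  - name: Make sure group wheel is  in the sudoers configuration
    lineinfile:
      path: /etc/sudoers
      state: present
      regexp: '^%wheel\s'
      line: '%wheel ALL=(ALL) NOPASSWD: ALL'
      validate: '/usr/sbin/visudo -cf %s'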

[root@localhost ~]#

[root@localhost ~]# ansible-playbook hosts.yml

PLAY [localhost] ***************************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

TASK [lineinfile] **************************************************************
ok: [localhost]

TASK [Ensure the default Apache port is 8080] **********************************
ok: [localhost]

TASK [disable passwd auth for ssh] *********************************************
ok: [localhost]

TASK [Make sure group wheel is not in the sudoers configuration] ***************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=5    changed=1    unreachable=0    failed=0 

[root@localhost ~]# ansible-playbook hosts.yml

PLAY [localhost] ***************************************************************

TASK [Gathering Facts] *********************************************************
ok: [localhost]

TASK [lineinfile] **************************************************************
ok: [localhost]

TASK [Ensure the default Apache port is 8080] **********************************
ok: [localhost]

TASK [disable passwd auth for ssh] *********************************************
ok: [localhost]

TASK [Make sure group wheel is  in the sudoers configuration] ******************
changed: [localhost]

PLAY RECAP *********************************************************************
localhost                  : ok=5    changed=1    unreachable=0    failed=0 


[root@localhost ~]# cat /etc/sudoers | grep wheel
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) NOPASSWD: ALL
[root@localhost ~]#
