securitycheck.yml
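---
# Read-only audit of basic host hardening settings: SSH login options,
# password-aging policy and firewall state. Every task only reads state and
# prints it; nothing on the host is modified.
- name: Check security of Linux
  hosts: all
  become: true
  become_user: root
  tasks:
    # awk compares the first whitespace-separated field, so commented-out
    # lines ("#PermitRootLogin ...") and prose in comments are not reported
    # as if they were active settings. tolower() is used because sshd
    # keywords are case-insensitive.
    # NOTE(review): only the main file is read. Directives in files pulled in
    # by an Include line are not seen, and a value inside a Match block is
    # printed without its condition; `sshd -T` prints the effective
    # configuration when that level of accuracy is needed.
    - name: Check for SSH root login
      shell: awk 'tolower($1) == "permitrootlogin" {print $2}' /etc/ssh/sshd_config
      register: ssh_root_login
      changed_when: false  # audit only, never report "changed"

    # An empty result means the directive is not set explicitly, so the
    # sshd built-in default is in effect; say so instead of printing nothing.
    - name: Print SSH root login status
      debug:
        msg: "SSH root login is {{ ssh_root_login.stdout | default('not set explicitly (sshd default applies)', true) }}"

    - name: Check for password authentication in SSH
      shell: awk 'tolower($1) == "passwordauthentication" {print $2}' /etc/ssh/sshd_config
      register: ssh_password_auth
      changed_when: false

    - name: Print SSH password authentication status
      debug:
        msg: "SSH password authentication is {{ ssh_password_auth.stdout | default('not set explicitly (sshd default applies)', true) }}"

    # Match on the exact first field so the explanatory comment lines in
    # /etc/login.defs are skipped and only active settings are printed.
    # awk exits 0 even when nothing matches, so a missing setting shows up
    # as an empty result rather than a failed task.
    - name: Check for password policy
      shell: awk '$1 ~ /^PASS_(MAX_DAYS|MIN_DAYS|WARN_AGE)$/' /etc/login.defs
      register: password_policy
      changed_when: false

    - name: Print password policy
      debug:
        msg: "{{ password_policy.stdout | default('no PASS_MAX_DAYS/PASS_MIN_DAYS/PASS_WARN_AGE setting is active in /etc/login.defs', true) }}"

    # No shell features are needed here, so the command module is used.
    # The task fails on hosts where ufw is not installed; such hosts need a
    # check for whichever firewall front end they actually use.
    - name: Check for firewall rules
      command: ufw status
      register: firewall_rules
      changed_when: false

    - name: Print firewall rules
      debug:
        msg: "{{ firewall_rules.stdout }}"

    # Disabled: SELinux status check (sestatus is not present on every host).
    # - name: Check for SELinux status
    #   shell: sestatus
    #   register: selinux_status
    # - name: Print SELinux status
    #   debug:
    #     msg: "{{ selinux_status.stdout }}"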