Comments (3)
Hi @cleberb, and thanks for the kind words regarding the role.
To be honest, I hadn't given this much thought before your issue and would have recommended writing additional roles to handle the changes you wanted.
I'll add support for template variables as described in the link as soon as possible.
from ansible-role-hardening.
Functional, here's a small test:
requirements.yml
:
roles:
- src: https://github.com/konstruktoid/ansible-role-hardening.git
name: konstruktoid.hardening
scm: git
version: issue391
Install role:
# ansible-galaxy install --force -r requirements.yml
issue.j2
:
____________________________________________________________________________
| |
| !!! ATENCAO !!! |
| |
| A utilizacao do sistema e restrita somente a usuarios autorizados. |
| Todas as acoes executadas sao monitoradas e a utilizacao indevida |
| podera surtir acoes legais! |
| |
| XXXXXX - INFRAESTRUTURA DE TI |
|____________________________________________________________________________|
Playbook playbook_teste.yml
:
---
- name: Initial instance configuration
hosts: all
become: true
tasks:
- name: Configure issue/motd
include_role:
name: konstruktoid.hardening
tasks_from: "issue.yml"
vars:
issue_template: issue.j2
motd_template: issue.j2
Test:
ansible-playbook --check --diff playbook_teste.yml -l teste
PLAY [Initial instance configuration] ***************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************
sexta 22 setembro 2023 12:21:47 -0300 (0:00:00.087) 0:00:00.087 ********
ok: [teste]
TASK [Configure issue/motd] *************************************************************************************************************************************************************
sexta 22 setembro 2023 12:21:50 -0300 (0:00:03.002) 0:00:03.090 ********
TASK [konstruktoid.hardening : Add motd file] *******************************************************************************************************************************************
sexta 22 setembro 2023 12:21:50 -0300 (0:00:00.109) 0:00:03.199 ********
--- before
+++ after: /home/cleberson/.ansible/tmp/ansible-local-1638653w3muw8/tmpkmwrp64y/issue.j2
@@ -0,0 +1,10 @@
+ ____________________________________________________________________________
+| |
+| !!! ATENCAO !!! |
+| |
+| A utilizacao do sistema e restrita somente a usuarios autorizados. |
+| Todas as acoes executadas sao monitoradas e a utilizacao indevida |
+| podera surtir acoes legais! |
+| |
+| XXXXXX - INFRAESTRUTURA DE TI |
+|____________________________________________________________________________|
changed: [teste]
TASK [konstruktoid.hardening : Add issue and issue.net files] ***************************************************************************************************************************
sexta 22 setembro 2023 12:21:52 -0300 (0:00:01.584) 0:00:04.784 ********
--- before: /etc/issue
+++ after: /home/cleberson/.ansible/tmp/ansible-local-1638653w3muw8/tmpig7bfgob/issue.j2
@@ -1,2 +1,10 @@
-Ubuntu 22.04.3 LTS \n \l
-
+ ____________________________________________________________________________
+| |
+| !!! ATENCAO !!! |
+| |
+| A utilizacao do sistema e restrita somente a usuarios autorizados. |
+| Todas as acoes executadas sao monitoradas e a utilizacao indevida |
+| podera surtir acoes legais! |
+| |
+| XXXXXX - INFRAESTRUTURA DE TI |
+|____________________________________________________________________________|
changed: [teste] => (item=/etc/issue)
--- before: /etc/issue.net
+++ after: /home/cleberson/.ansible/tmp/ansible-local-1638653w3muw8/tmp16guiblg/issue.j2
@@ -1 +1,10 @@
-Ubuntu 22.04.3 LTS
+ ____________________________________________________________________________
+| |
+| !!! ATENCAO !!! |
+| |
+| A utilizacao do sistema e restrita somente a usuarios autorizados. |
+| Todas as acoes executadas sao monitoradas e a utilizacao indevida |
+| podera surtir acoes legais! |
+| |
+| XXXXXX - INFRAESTRUTURA DE TI |
+|____________________________________________________________________________|
changed: [teste] => (item=/etc/issue.net)
PLAY RECAP ******************************************************************************************************************************************************************************
teste : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
sexta 22 setembro 2023 12:21:55 -0300 (0:00:03.196) 0:00:07.981 ********
===============================================================================
konstruktoid.hardening : Add issue and issue.net files --------------------------------------------------------------------------------------------------------------------------- 3.20s
Gathering Facts ------------------------------------------------------------------------------------------------------------------------------------------------------------------ 3.00s
konstruktoid.hardening : Add motd file ------------------------------------------------------------------------------------------------------------------------------------------- 1.58s
Configure issue/motd ------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.11s
from ansible-role-hardening.
Hi again @cleberb and sorry for the delay.
Can you test #392? You set the templates in defaults/main/templates.yml
I'll update the documentation when merged if it works well.
from ansible-role-hardening.
Related Issues (20)
- request add yescrypt for new debian system HOT 2
- Sysctl behavior on boot messes with the configuration set by the playbooks HOT 19
- [BUG] When disabling ufw_enable playbook fails when setting sysctl for conntrack with default values HOT 2
- Update wording regarding usb-storage
- [BUG] User locked out if not in *sudo* group HOT 3
- Just making sure, linter side effects? HOT 4
- Disabeling snap removal on playbook HOT 3
- [Documentation] Source(s) of password list? HOT 1
- [BUG] /var/log/syslog grows with 100KB/s HOT 6
- Auditd configuration
- [BUG] Task: Configure sshd using sshd_config.d] ; Error : AnsibleUndefinedVariable: {{ ansible_user }}: 'ansible_user' is undefined" HOT 5
- [BUG] Errors while running role HOT 5
- [BUG] Debian HOT 8
- [DOCS] Add info regarding hardened images
- [BUG] Interface with vlan name notworking HOT 1
- Replace the deprecated `ChallengeResponseAuthentication`
- [BUG] Idempotence test fails when using match_ in sshd config HOT 3
- [BUG] scorecard-action HOT 1
- [Question] Disable SSHD? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-role-hardening.