feat: Added role to ssh hardening.

ciro-mota · Dec 13, 2023 · b956a39 · b956a39
1 parent ca00777
commit b956a39
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/scripts/nginx.sh b/scripts/nginx.sh
@@ -19,10 +19,12 @@ elif [ -f /etc/alpine-release ]; then
  apk update && apk add ansible
 
 else
-  echo "Unsuported Distro." 
+  echo "Unsuported Distro."
 fi
 
 tee -a requirements.yml <<'EOF'
+---
+- src: dev-sec.ssh-hardening
 - src: nginxinc.nginx
 EOF
 
@@ -31,7 +33,18 @@ tee -a playbook.yml <<'EOF'
 - name: "Provision Nginx"
   hosts: localhost
   become: true
+  vars:
+    ssh_kex:
+     - [email protected]
+     - [email protected]
+     - diffie-hellman-group-exchange-sha256
+    ssh_server_ports: ['22']
+    ssh_permit_root_login: "without-password"
+    ssh_use_pam: "true"
+    sshd_authenticationmethods: "publickey"
+    ssh_authorized_keys_file: ".ssh/authorized_keys"
   roles:
+    - dev-sec.ssh-hardening
     - nginxinc.nginx
 EOF