fix: update SSH configuration for security and add inotify limits
parent
7a2caa824d
commit
d3069eb234
@ -34,10 +34,10 @@
|
|||||||
line: "{{ item.line }}"
|
line: "{{ item.line }}"
|
||||||
state: present
|
state: present
|
||||||
loop:
|
loop:
|
||||||
- { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no' }
|
- { regexp: "^#?PasswordAuthentication", line: "PasswordAuthentication no" }
|
||||||
- { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin no' }
|
- { regexp: "^#?PermitRootLogin", line: "PermitRootLogin no" }
|
||||||
- { regexp: '^#?PubkeyAuthentication', line: 'PubkeyAuthentication yes' }
|
- { regexp: "^#?PubkeyAuthentication", line: "PubkeyAuthentication yes" }
|
||||||
- { regexp: '^#?Port ', line: 'Port 430' }
|
- { regexp: "^#?Port ", line: "Port 430" }
|
||||||
notify: Restart sshd
|
notify: Restart sshd
|
||||||
|
|
||||||
- name: Install UFW
|
- name: Install UFW
|
||||||
@ -75,3 +75,13 @@
|
|||||||
group: "{{ username }}"
|
group: "{{ username }}"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
loop: "{{ data_dirs }}"
|
loop: "{{ data_dirs }}"
|
||||||
|
|
||||||
|
- name: Set inotify limits
|
||||||
|
ansible.posix.sysctl:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
value: "{{ item.value }}"
|
||||||
|
sysctl_file: /etc/sysctl.d/99-inotify.conf
|
||||||
|
reload: true
|
||||||
|
loop:
|
||||||
|
- { name: fs.inotify.max_user_instances, value: 512 }
|
||||||
|
- { name: fs.inotify.max_user_watches, value: 524288 }
|
||||||
|
|||||||
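Review bot: The sshd directives in the first hunk's loop (`PasswordAuthentication no`, `PermitRootLogin no`, `PubkeyAuthentication yes`, `Port 430`) have no `validate` in view, so a bad edit would reach the `Restart sshd` handler unchecked. The task header lies above the hunk, so confirm whether it already carries `validate: 'sshd -t -f %s'` and add it if it does not. Where sshd_config starts with an `Include` of a drop-in directory, sshd keeps the first value it reads for each keyword, so a drop-in that sets `PasswordAuthentication yes` would win over the line edited here; checking the effective values with `sshd -T` after the run would catch that. The only visible difference on these lines is the quote style, so the hardening the title describes does not appear to be part of this hunk.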