fix: update SSH configuration for security and add inotify limits
parent
7a2caa824d
commit
d3069eb234
@ -34,10 +34,10 @@
|
||||
line: "{{ item.line }}"
|
||||
state: present
|
||||
loop:
|
||||
- { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no' }
|
||||
- { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin no' }
|
||||
- { regexp: '^#?PubkeyAuthentication', line: 'PubkeyAuthentication yes' }
|
||||
- { regexp: '^#?Port ', line: 'Port 430' }
|
||||
- { regexp: "^#?PasswordAuthentication", line: "PasswordAuthentication no" }
|
||||
- { regexp: "^#?PermitRootLogin", line: "PermitRootLogin no" }
|
||||
- { regexp: "^#?PubkeyAuthentication", line: "PubkeyAuthentication yes" }
|
||||
- { regexp: "^#?Port ", line: "Port 430" }
|
||||
notify: Restart sshd
|
||||
|
||||
- name: Install UFW
|
||||
@ -75,3 +75,13 @@
|
||||
group: "{{ username }}"
|
||||
mode: "0755"
|
||||
loop: "{{ data_dirs }}"
|
||||
|
||||
- name: Set inotify limits
|
||||
ansible.posix.sysctl:
|
||||
name: "{{ item.name }}"
|
||||
value: "{{ item.value }}"
|
||||
sysctl_file: /etc/sysctl.d/99-inotify.conf
|
||||
reload: true
|
||||
loop:
|
||||
- { name: fs.inotify.max_user_instances, value: 512 }
|
||||
- { name: fs.inotify.max_user_watches, value: 524288 }
|
||||
|
||||
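Review bot: The four sshd entries in the first hunk's `loop:` carry the same regexps and values on both sides (`PasswordAuthentication no`, `PermitRootLogin no`, `PubkeyAuthentication yes`, `Port 430`); only the quote style differs, so nothing in this section backs the "update SSH configuration for security" part of the title. Either the intended hardening change is missing or the message should describe a formatting change, otherwise someone auditing the history will assume the sshd settings were tightened here. The task that owns this loop starts above the hunk, so its module is not visible; if it is `ansible.builtin.lineinfile`, add `validate: "/usr/sbin/sshd -t -f %s"` beside `state: present` so a malformed line is rejected before the `Restart sshd` handler runs and cannot lock the host out. The new `Set inotify limits` task raises per-user kernel limits without saying why; a comment such as `# raised for <service>: its file watchers exhaust the default limits` would record the reason.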