mirror of
https://bitbucket.org/atlassian/dc-deployments-automation.git
synced 2025-12-13 08:23:06 -06:00
24 lines
879 B
YAML
24 lines
879 B
YAML
---
|
|
|
|
- name: Install Amazon-Linux-specific support packages
|
|
yum:
|
|
name:
|
|
- shadow-utils
|
|
- libxml2
|
|
- git-{{ git_version }}
|
|
- dejavu-sans-fonts
|
|
|
|
- name: Limit the SSH ciphers
|
|
lineinfile:
|
|
path: "/etc/ssh/sshd_config"
|
|
# Drop insecure ciphers, currently 3des-cbc only. You can get the
|
|
# full list with `sshd -T | grep -i ciphers`
|
|
regexp: '^[Cc]iphers'
|
|
line: "Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc"
|
|
insertbefore: "BOF"
|
|
register: ssh_cypher_results
|
|
failed_when: # No sshd == no problem
|
|
- ssh_cypher_results.rc > 0
|
|
- ssh_cypher_results.stderr is defined
|
|
- "'Destination /etc/ssh/sshd_config does not exist' not in ssh_cypher_results.stderr" # fails for errors other than this one
|