mateusz/portfolio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
portfolio/infra-run/ansible/roles/cis-rhel9-hardening/tasks/sudo.yml
T
Mateusz Suski 75a11f7650 Add RHEL 9 CIS-inspired hardening playbook
2026-05-06 08:45:33 +00:00

19 lines
494 B
YAML
Raw Permalink Blame History

---
- name: Configure sudo hardening drop-in
ansible.builtin.lineinfile:
path: "{{ cis_sudoers_dropin_path }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
create: true
owner: root
group: root
mode: "0440"
validate: /usr/sbin/visudo -cf %s
loop:
- regexp: '^Defaults\s+use_pty'
line: "Defaults use_pty"
- regexp: '^Defaults\s+logfile='
line: 'Defaults logfile="{{ cis_sudo_logfile }}"'
loop_control:
label: "{{ item.line }}"
Reference in New Issue View Git Blame Copy Permalink