File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -314,6 +314,7 @@ journald_storage: persistent
314314journald_permissions: "2640"
315315journald_group: "systemd-journal"
316316journald_user: "root"
317+ journald_system_max_use: ""
317318` ` `
318319
319320# ## ./defaults/main/kernel.yml
@@ -463,6 +464,7 @@ apt_hardening_options:
463464# ## ./defaults/main/packages.yml
464465
465466` ` ` yaml
467+ manage_packages: true
466468system_upgrade: true
467469
468470packages_blocklist:
@@ -542,6 +544,7 @@ packages_ubuntu:
542544# ## ./defaults/main/password.yml
543545
544546` ` ` yaml
547+ manage_password: true
545548manage_pam: true
546549manage_faillock: true
547550manage_pwquality: true
Original file line number Diff line number Diff line change @@ -10,3 +10,4 @@ journald_storage: persistent
1010journald_permissions : " 2640"
1111journald_group : " systemd-journal"
1212journald_user : " root"
13+ journald_system_max_use : " "
Original file line number Diff line number Diff line change 11---
2+ manage_packages : true
23system_upgrade : true
34
45packages_blocklist :
Original file line number Diff line number Diff line change 11---
2+ manage_password : true
23manage_pam : true
34manage_faillock : true
45manage_pwquality : true
Original file line number Diff line number Diff line change 6666 ansible.builtin.set_fact :
6767 pam_version : " {{ ansible_facts.packages['pam'][0].version }}"
6868 when :
69- - ansible_os_family == "RedHat"
69+ - ansible_os_family in [ "RedHat", "Suse"]
7070 - " 'pam' in ansible_facts.packages"
7171
7272- name : Set hashing algorithm for password (yescrypt|sha512)
Original file line number Diff line number Diff line change 185185- name : Configure needrestart, install and remove various packages
186186 ansible.builtin.import_tasks :
187187 file : packages.yml
188+ when :
189+ - manage_packages
188190 tags :
189191 - package_installation
190192
199201- name : Configure PAM
200202 ansible.builtin.import_tasks :
201203 file : password.yml
204+ when :
205+ - manage_password
202206 tags :
203207 - cracklib
204208 - crypto_policy
Original file line number Diff line number Diff line change 2525 when :
2626 - ansible_os_family == "RedHat"
2727
28+ - name : Suse family USBGuard package installation
29+ community.general.zypper :
30+ name : usbguard
31+ state : present
32+ when :
33+ - ansible_os_family == "Suse"
34+
2835 - name : Configure RuleFile
2936 ansible.builtin.lineinfile :
3037 regexp : (^|^#)RuleFile
Original file line number Diff line number Diff line change 55Compress={{ 'yes' if journald_compress else 'no' }}
66ForwardToSyslog={{ 'yes' if journald_forwardtosyslog else 'no' }}
77Storage={{ journald_storage }}
8+ {{ 'SystemMaxUse=' ~ journald_system_max_use if journald_system_max_use else '#SystemMaxUse=' }}
You can’t perform that action at this time.
0 commit comments