
Commit ebe55e5

authored
Merge pull request #908 from ctorrisi/manage-pam-packages-conditionals-suse-usbguard
chore: add manage_packages toggle, add manage_password toggle, …
2 parents 30eb61d + 40b4bd2 commit ebe55e5

8 files changed

Lines changed: 19 additions & 1 deletion


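--- a/README.md
+++ b/README.md
@@ -314,6 +314,7 @@ journald_storage: persistent
 journald_permissions: "2640"
 journald_group: "systemd-journal"
 journald_user: "root"
+journald_system_max_use: ""
 ```
 
 ### ./defaults/main/kernel.yml
@@ -463,6 +464,7 @@ apt_hardening_options:
 ### ./defaults/main/packages.yml
 
 ```yaml
+manage_packages: true
 system_upgrade: true
 
 packages_blocklist:
@@ -542,6 +544,7 @@ packages_ubuntu:
 ### ./defaults/main/password.yml
 
 ```yaml
+manage_password: true
 manage_pam: true
 manage_faillock: true
 manage_pwquality: true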

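--- a/defaults/main/journal.yml
+++ b/defaults/main/journal.yml
@@ -10,3 +10,4 @@ journald_storage: persistent
 journald_permissions: "2640"
 journald_group: "systemd-journal"
 journald_user: "root"
+journald_system_max_use: ""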
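Review bot: The new `journald_system_max_use: ""` default carries no comment on what an empty value means or what a set value costs. Going by the template change in this commit, an empty value renders a commented-out `#SystemMaxUse=`, so journald keeps its built-in limit, while any value caps the persistent journal and therefore how far back on-host logs reach. I would add above it `# Empty leaves journald's built-in limit in place; a small cap shortens on-host log retention.` so operators size it against their retention requirement.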

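--- a/defaults/main/packages.yml
+++ b/defaults/main/packages.yml
@@ -1,4 +1,5 @@
 ---
+manage_packages: true
 system_upgrade: true
 
 packages_blocklist: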
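Review bot: `manage_packages: true` is added without a comment, and the same holds for `manage_password: true` in defaults/main/password.yml. Per the tasks/main.yml change in this commit, setting either to false skips the whole `packages.yml` or `password.yml` import, so `manage_password: false` presumably overrides `manage_pam`, `manage_faillock` and `manage_pwquality` as well. I would add `# false skips every task in tasks/packages.yml, including package removal` here and an equivalent line above `manage_password`. The file continues past the end of this hunk.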

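--- a/defaults/main/password.yml
+++ b/defaults/main/password.yml
@@ -1,4 +1,5 @@
 ---
+manage_password: true
 manage_pam: true
 manage_faillock: true
 manage_pwquality: true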

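--- a/tasks/facts.yml
+++ b/tasks/facts.yml
@@ -66,7 +66,7 @@
 ansible.builtin.set_fact:
 pam_version: "{{ ansible_facts.packages['pam'][0].version }}"
 when:
-- ansible_os_family == "RedHat"
+- ansible_os_family in ["RedHat", "Suse"]
 - "'pam' in ansible_facts.packages"
 
 - name: Set hashing algorithm for password (yescrypt|sha512)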

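--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -185,6 +185,8 @@
 - name: Configure needrestart, install and remove various packages
 ansible.builtin.import_tasks:
 file: packages.yml
+when:
+- manage_packages
 tags:
 - package_installation
 
@@ -199,6 +201,8 @@
 - name: Configure PAM
 ansible.builtin.import_tasks:
 file: password.yml
+when:
+- manage_password
 tags:
 - cracklib
 - crypto_policy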
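Review bot: Both new conditions, `- manage_packages` and `- manage_password`, test the bare variable, so a value that arrives as a string (for example `-e manage_password=false` on the command line) is not a boolean. Depending on the ansible-core version, that string is either treated as truthy or rejected as a non-boolean conditional, and neither matches what the operator asked for. I would write `- manage_packages | bool` and `- manage_password | bool`. Because these are static `import_tasks`, the condition is applied to every task in the imported file, so a false value turns off the whole hardening area; a one-line comment saying so would help. Both task blocks continue outside their hunks.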

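--- a/tasks/usbguard.yml
+++ b/tasks/usbguard.yml
@@ -25,6 +25,13 @@
 when:
 - ansible_os_family == "RedHat"
 
+- name: Suse family USBGuard package installation
+community.general.zypper:
+name: usbguard
+state: present
+when:
+- ansible_os_family == "Suse"
+
 - name: Configure RuleFile
 ansible.builtin.lineinfile:
 regexp: (^|^#)RuleFile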
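Review bot: The new Suse task calls `community.general.zypper`, which lives outside `ansible.builtin`, so it only resolves if the role declares the community.general collection. The requirements file is not part of this commit view, so confirm it is listed there. The install is also not gated by the `manage_packages` toggle this same commit introduces, so an operator who sets it to false would presumably still get usbguard installed on Suse hosts. If that is intended, a short comment saying so would help. The Configure RuleFile task that follows continues outside the hunk.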

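--- a/templates/etc/systemd/journald.conf.j2
+++ b/templates/etc/systemd/journald.conf.j2
@@ -5,3 +5,4 @@
 Compress={{ 'yes' if journald_compress else 'no' }}
 ForwardToSyslog={{ 'yes' if journald_forwardtosyslog else 'no' }}
 Storage={{ journald_storage }}
+{{ 'SystemMaxUse=' ~ journald_system_max_use if journald_system_max_use else '#SystemMaxUse=' }}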
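Review bot: `journald_system_max_use` is written into journald.conf as-is on the new `SystemMaxUse=` line, with no check that it is a size journald accepts. A typo would presumably leave journald on its built-in limit while the role still reports the file as configured, so the intended retention cap silently never applies. I would validate the variable before templating, for example with an assert task using `journald_system_max_use | string is match('^[0-9]+[KMGTPE]?$')` when the value is non-empty.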
