diff --git a/main.yml b/main.yml
index 946f84a..b22009e 100644
--- a/main.yml
+++ b/main.yml
@@ -1,5 +1,5 @@
 ---
-- hosts: local
+- hosts: all
 vars:
 local_path: '/tmp/eee'
 roles:
diff --git a/roles/secure/handlers/main.yml b/roles/secure/handlers/main.yml
new file mode 100644
index 0000000..3839863
--- /dev/null
+++ b/roles/secure/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: Check sshd
+ shell:
+ cmd: sshd -t
+ become: yes
+ listen: "restart_sshd"
+- name: Restart sshd
+ service:
+ name: sshd
+ state: restarted
+ become: yes
+ listen: "restart_sshd"
diff --git a/roles/secure/tasks/main.yml b/roles/secure/tasks/main.yml
index 230112a..1969fa6 100644
--- a/roles/secure/tasks/main.yml
+++ b/roles/secure/tasks/main.yml
@@ -6,6 +6,7 @@
 insertbefore: BOF
 state: 'present'
 line: 'Protocol 2'
+ notify: restart_sshd
 - name: UseDNS no
 lineinfile:
 path: /etc/ssh/sshd_config
@@ -14,6 +15,7 @@
 insertbefore: BOF
 state: 'present'
 line: 'UseDNS no'
+ notify: restart_sshd
 - name: PermitEmptyPasswords no
 lineinfile:
 path: /etc/ssh/sshd_config
@@ -22,6 +24,7 @@
 insertbefore: BOF
 state: 'present'
 line: 'PermitEmptyPasswords no'
+ notify: restart_sshd
 - name: PermitRootLogin without-password
 lineinfile:
 path: /etc/ssh/sshd_config
@@ -30,3 +33,4 @@
 insertbefore: BOF
 state: 'present'
 line: 'PermitRootLogin without-password'
+ notify: restart_sshd
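Review bot: `hosts: all` in main.yml makes this play apply to every host of whatever inventory is passed, and the same commit starts restarting sshd from the `secure` role, so a wrong inventory or a forgotten `--limit` now changes remote access on every machine at once. A named inventory group keeps the scope explicit and reviewable, for example `- hosts: ssh_hardening` (placeholder group name, to be defined in the inventory). The `roles:` list continues below the hunk, so which roles actually run in this play is inferred from the rest of the commit.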
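Review bot: The `Check sshd` handler in roles/secure/handlers/main.yml runs `sshd -t` through `shell`, which a plain command does not need, and it reports `changed` on every run; `command: sshd -t` together with `changed_when: false` does the same job without a shell. The check guards the restart only because handlers that share a `listen` topic run in the order they are defined and a failed handler stops that host, so the file should carry a comment above the two handlers along the lines of `# Order matters: the config check must stay before the restart and must not get ignore_errors`. As a point of style, `become: yes` would be more portable as `become: true`.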
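Review bot: The `notify: restart_sshd` added in this hunk of roles/secure/tasks/main.yml (and identically in the hunks at new lines 15, 24 and 33) only gets `sshd -t` run after lineinfile has already written /etc/ssh/sshd_config, so an edit that sshd rejects stays on disk and will keep the daemon from coming back on the next restart or reboot. Adding `validate: '/usr/sbin/sshd -t -f %s'` to each of the four lineinfile tasks makes the module test a temporary copy and leave the live file untouched on failure; the binary path is the common default and should be checked against the targets. Each task starts above its hunk, so the remaining lineinfile options are not visible here.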