1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
# platform = multi_platform_all
# reboot = false
# strategy = restrict
# complexity = low
# disruption = low
{{%- macro delete_line_in_sudoers_d(line) %}}
- name: "Find out if /etc/sudoers.d/* files contain {{{ line }}} to be deduplicated"
find:
path: "/etc/sudoers.d"
patterns: "*"
contains: '^{{{ line }}}$'
register: sudoers_d_defaults
- name: "Remove found occurrences of {{{ line }}} from /etc/sudoers.d/* files"
lineinfile:
path: "{{ item.path }}"
regexp: "^{{{ line }}}$"
state: absent
with_items: "{{ sudoers_d_defaults.files }}"
{{%- endmacro %}}
{{%- macro delete_line_in_sudoers_file(line) %}}
- name: "Remove any ocurrences of {{{ line }}} in /etc/sudoers"
lineinfile:
path: "/etc/sudoers"
regexp: "^{{{ line }}}$"
validate: /usr/sbin/visudo -cf %s
state: absent
register: sudoers_file_defaults
{{%- endmacro %}}
{{{- delete_line_in_sudoers_d("Defaults targetpw") }}}
{{{- delete_line_in_sudoers_d("Defaults rootpw") }}}
{{{- delete_line_in_sudoers_d("Defaults runaspw") }}}
{{{- delete_line_in_sudoers_file("Defaults targetpw") }}}
{{{- delete_line_in_sudoers_file("Defaults rootpw") }}}
{{{- delete_line_in_sudoers_file("Defaults runaspw") }}}
{{{ ansible_only_lineinfile(msg='Ensure that Defaults !targetpw is defined in sudoers', line_regex='^Defaults !targetpw$', insensitive=false, path='/etc/sudoers', new_line='Defaults !targetpw') }}}
{{{ ansible_only_lineinfile(msg='Ensure that Defaults !rootpw is defined in sudoers', line_regex='^Defaults !rootpw$', insensitive=false, path='/etc/sudoers', new_line='Defaults !rootpw') }}}
{{{ ansible_only_lineinfile(msg='Ensure that Defaults !runaspw is defined in sudoers', line_regex='^Defaults !runaspw$', insensitive=false, path='/etc/sudoers', new_line='Defaults !runaspw') }}}
|
