ansible批量禁止root用户登录
以下Ansible-Ploybook功能: 🚫禁止Root用户登录
--- lineinfile 模块替换前备份(格式为sshd_config.13019.2020-05-25@17:48:55~)
--- shell 模块支持正则 查看修改后的内容是否有变化
--- systemd 服务模块(restarted stoped started enable=yes)
- hosts: ssh
tasks:
- name: "Replace / etc / SSH / sshd_ Permitrootlogin parameter in config file"
lineinfile:
path: /etc/ssh/sshd_config
regexp: "^PermitRootLogin"
line: "PermitRootLogin no"
backup: yes
- name: "View modified content."
shell: |
cat /etc/ssh/sshd_config| sed 's#\PermitRootLogin yes#PermitRootLogin no#g'|grep PermitRootLogin
- name: "Reload SSH profile"
systemd:
name: sshd
state: restarted
register: out
- debug: var=out.stdout_lines
[root@BS003 probject]# ansible-playbook --syntax-check sshd.yaml
[root@BS003 probject]# ansible-playbook sshd.yaml