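---
# Apache hardening tasks: detect which Apache service is running, include the
# distribution-specific task files, then set ServerTokens / ServerSignature so
# the server no longer advertises its version and OS in response headers and
# generated error pages.

# Populates the `services` fact used by the two detection tasks below.
- name: service facts
  service_facts:

# The unit is called apache2 on Debian/Ubuntu and httpd on RedHat.
# NOTE(review): apache_service is set only when the unit is *running*, so a
# host with Apache installed but stopped is skipped by the hardening block and
# keeps its default banner settings once the service is started - confirm this
# is intended.
- name: service name is apache2
  set_fact:
    apache_service: "apache2"
  when:
    - "services['apache2.service'] is defined"
    - "services['apache2.service'].state == 'running'"

- name: service name is httpd
  set_fact:
    apache_service: "httpd"
  when:
    - "services['httpd.service'] is defined"
    - "services['httpd.service'].state == 'running'"

- name: include debian/ubuntu specific
  include_tasks: debian.yml
  when: (ansible_distribution == "Debian" or ansible_distribution == "Ubuntu")

# NOTE(review): this matches only hosts whose ansible_distribution is exactly
# "RedHat"; RHEL derivatives report a different value and are skipped here and
# in the hardening block - verify that is the intended scope.
- name: include redhat specific
  include_tasks: redhat.yml
  when: ansible_distribution == "RedHat"

- name: hardening apache
  when:
    - apache_service is defined
  vars:
    # The original tasks wrote to the Debian path on every distribution, so
    # the RedHat branch targeted a file under /etc/apache2 that a stock httpd
    # install does not have and lineinfile (create defaults to false) failed.
    # /etc/httpd/conf/httpd.conf is the stock main config on RedHat.
    # NOTE(review): if redhat.yml manages a dedicated drop-in, use it instead.
    _apache_security_conf: >-
      {{ '/etc/httpd/conf/httpd.conf'
      if ansible_distribution == 'RedHat'
      else '/etc/apache2/conf-available/security.conf' }}
  block:

    # "Prod" limits the Server header to the product name only.
    # NOTE(review): on Debian/Ubuntu the file under conf-available takes
    # effect only while the "security" conf is enabled - verify (e.g. in
    # debian.yml) that it is.
    - name: security.conf ServerTokens, debian11-99 ubuntu20-99 redhat
      lineinfile:
        dest: "{{ _apache_security_conf }}"
        regexp: "^ServerTokens"
        line: "ServerTokens Prod"
      when:
        - >-
          (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 11) or
          (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 20) or
          ansible_distribution == "RedHat"
      notify: restart_apache

    # "Off" removes the version footer from server-generated pages.
    - name: security.conf ServerSignature, debian11-99 ubuntu20-99 redhat
      lineinfile:
        dest: "{{ _apache_security_conf }}"
        regexp: "^ServerSignature"
        line: "ServerSignature Off"
      when:
        - >-
          (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 11) or
          (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 20) or
          ansible_distribution == "RedHat"
      notify: restart_apache

# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: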