[add tags hardening]

2024-09-07 11:28:43 +02:00
parent a1836e1a30
commit d040ac4fda
1 changed files with 19 additions and 8 deletions
--- a/hardening.yml
+++ b/hardening.yml
@@ -4,6 +4,9 @@
  gather_facts: true
  pre_tasks:

+# to reinstall netbird rm /usr/share/keyrings/netbird-archive-keyring.gpg
+# become root no password /etc/sudoers.d/20stephane => stephane ALL=(ALL) NOPASSWD: ALL
+
    - ansible.builtin.pip:
        name: netaddr
      delegate_to: localhost
@@ -103,16 +106,24 @@

  roles:
   # - robertdebock.update
-    - devsec.hardening.os_hardening
-    - devsec.hardening.ssh_hardening
+    - role: devsec.hardening.os_hardening
+      tags: os
+    - role: devsec.hardening.ssh_hardening
+      tags: ssh
    # - maxlareo.rkhunter
    # - maxlareo.chkrootkit
-    - robertdebock.auditd
-    - geerlingguy.firewall
-    - grog.management-user
-    - GROG.user
-    - GROG.authorized-key
-    - GROG.sudo
+    - role: robertdebock.auditd
+      tags: auditd
+    - role: geerlingguy.firewall
+      tags: firewall
+    - role: grog.management-user
+      tags: user
+    - role: GROG.user
+      tags: user
+    - role: GROG.authorized-key
+      tags: user
+    - role: GROG.sudo
+      tags: user    
    # - ansible_unattended_upgrades
    # - buluma.lynis