mirror of
https://github.com/dev-sec/ansible-collection-hardening
synced 2024-11-14 02:47:06 +00:00
simplify vars-handling
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
parent
0757a3d1c3
commit
3b059d4c7c
15 changed files with 73 additions and 52 deletions
|
@ -5,10 +5,6 @@ mysql_hardening_enabled: true
|
|||
mysql_daemon_enabled: true
|
||||
|
||||
# general configuration
|
||||
mysql_cnf_owner: 'root' # owner of /etc/mysql/*.cnf files
|
||||
mysql_cnf_group: 'root' # owner of /etc/mysql/*.cnf files
|
||||
mysql_hardening_user: 'mysql' # owner of data
|
||||
mysql_hardening_group: 'mysql'
|
||||
mysql_datadir: '/var/lib/mysql'
|
||||
mysql_hardening_mysql_hardening_conf_file: '{{mysql_hardening_mysql_confd_dir}}/hardening.cnf'
|
||||
# You have to change this to your own strong enough mysql root password
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
- name: protect my.cnf
|
||||
file:
|
||||
path: '{{ mysql_hardening_mysql_conf_file }}'
|
||||
mode: 0400
|
||||
mode: '0400'
|
||||
owner: '{{ mysql_cnf_owner }}'
|
||||
group: '{{ mysql_cnf_owner }}'
|
||||
follow: true
|
||||
|
@ -18,7 +18,7 @@
|
|||
|
||||
- name: ensure permissions on mysql-logfile are correct
|
||||
file:
|
||||
path: '{{ mysql_hardening_log_dir }}/{{ mysql_hardening_log_file }}'
|
||||
path: '{{ mysql_hardening_log_file }}'
|
||||
state: file
|
||||
owner: '{{ mysql_hardening_user }}'
|
||||
group: '{{ mysql_hardening_group }}'
|
||||
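Review bot: In the `protect my.cnf` task of the first hunk, the `group:` value is still rendered from `mysql_cnf_owner`, so `mysql_cnf_group` never reaches this file. A deployment that sets a different group would silently get the owner name applied as the group. Every vars file on this page sets both variables to the same value, so nothing changes today, but the line should read `group: '{{ mysql_cnf_group }}'`. The line appears to be context in this hunk rather than part of the change, and the task list continues outside it.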
|
|
|
@ -1,12 +1,11 @@
|
|||
---
|
||||
|
||||
- name: add the OS specific variables
|
||||
include_vars: "{{ item }}"
|
||||
- name: set OS dependent variables
|
||||
include_vars: '{{ item }}'
|
||||
with_first_found:
|
||||
- "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
|
||||
- "{{ ansible_distribution }}.yml"
|
||||
- "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
|
||||
- "{{ ansible_os_family }}.yml"
|
||||
- '{{ ansible_facts.distribution }}_{{ ansible_facts.distribution_major_version }}.yml'
|
||||
- '{{ ansible_facts.distribution }}.yml'
|
||||
- '{{ ansible_facts.os_family }}_{{ ansible_facts.distribution_major_version }}.yml'
|
||||
- '{{ ansible_facts.os_family }}.yml'
|
||||
tags: always
|
||||
|
||||
- include: configure.yml
|
||||
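Review bot: `include_vars` driven by `with_first_found` loads only the first file that exists, so after this change every per-version file has to define the complete OS-specific variable set, and nothing in the task says so. On this page vars/Ubuntu_16.yml, vars/Ubuntu_18.yml and vars/Ubuntu_20.yml set no `mysql_cnf_owner` or `mysql_cnf_group`, while vars/RedHat_7.yml and vars/RedHat_8.yml do. Whether defaults still supply them cannot be told from the defaults hunk as rendered, so that is worth confirming before the `protect my.cnf` task runs on Ubuntu. I would add a comment above the task, for example `# only the first matching file is loaded, so each vars file must be self-contained`.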
|
|
|
@ -4,11 +4,11 @@ mysql_daemon: mysql
|
|||
mysql_hardening_mysql_conf_file: '/etc/mysql/my.cnf'
|
||||
mysql_hardening_mysql_confd_dir: '/etc/mysql/conf.d'
|
||||
|
||||
mysql_hardening_log_dir: '/var/log'
|
||||
mysql_hardening_log_file: 'mysql.log'
|
||||
mysql_hardening_log_dir: '/var/log/mysql/error.log'
|
||||
|
||||
mysql_hardening_user: 'mysql' # owner of data
|
||||
mysql_hardening_group: 'adm'
|
||||
|
||||
mysql_cnf_owner: 'mysql' # owner of /etc/mysql/*.cnf files
|
||||
mysql_cnf_group: 'mysql' # owner of /etc/mysql/*.cnf files
|
||||
|
||||
mysql_python_package: "python-mysqldb"
|
||||
mysql_python_package: "python3-pymysql"
|
||||
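Review bot: What appears to be the new line here, `mysql_hardening_log_dir: '/var/log/mysql/error.log'`, stores a full log-file path under the `_dir` name, while the logfile-permission task on this page now reads `path: '{{ mysql_hardening_log_file }}'`. Only vars/RedHat_7.yml defines `mysql_hardening_log_file` as a full path; the next vars hunk (`'/var/log/mysqld.log'`), vars/RedHat_8.yml and vars/Ubuntu_16.yml, Ubuntu_18.yml and Ubuntu_20.yml repeat the `_dir` spelling. Unless a definition outside this page covers it, the task would either fail on an undefined variable or set ownership on a path other than the real log. Renaming the key to `mysql_hardening_log_file: '/var/log/mysql/error.log'`, and likewise in each of those files, would match the task.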
|
|
|
@ -4,8 +4,6 @@ mysql_daemon: mysqld
|
|||
mysql_hardening_mysql_conf_file: '/etc/my.cnf'
|
||||
mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
|
||||
|
||||
mysql_hardening_log_dir: '/var/log'
|
||||
mysql_hardening_log_file: 'mysqld.log'
|
||||
mysql_hardening_log_dir: '/var/log/mysqld.log'
|
||||
|
||||
mysql_hardening_user: 'mysql' # owner of data
|
||||
mysql_hardening_group: 'adm'
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
mysql_daemon: mariadb
|
||||
mysql_hardening_mysql_conf_file: '/etc/my.cnf'
|
||||
mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
|
||||
mysql_hardening_log_dir: '/var/log/mariadb'
|
||||
mysql_hardening_log_file: 'mariadb.log'
|
||||
|
||||
mysql_python_package: "MySQL-python"
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
mysql_daemon: mariadb
|
||||
mysql_hardening_mysql_conf_file: '/etc/my.cnf'
|
||||
mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
|
||||
mysql_hardening_log_dir: '/var/log/mariadb'
|
||||
mysql_hardening_log_file: 'mariadb.log'
|
||||
|
||||
mysql_python_package: "python3-mysqlclient"
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
mysql_daemon: mysqld
|
||||
|
||||
mysql_hardening_mysql_conf_file: '/etc/my.cnf'
|
||||
mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
|
||||
|
||||
mysql_hardening_log_dir: '/var/log/'
|
||||
mysql_hardening_log_file: 'mysqld.log'
|
||||
|
||||
mysql_hardening_user: 'mysql' # owner of data
|
||||
mysql_hardening_group: 'mysql'
|
||||
|
||||
mysql_python_package: "MySQL-python"
|
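--- a/vars/RedHat_7.yml
+++ b/vars/RedHat_7.yml
@@ -0,0 +1,13 @@
+---
+mysql_daemon: mariadb
+mysql_hardening_mysql_conf_file: '/etc/my.cnf'
+mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
+
+mysql_hardening_log_file: '/var/log/mariadb/mariadb.log'
+
+mysql_python_package: 'MySQL-python'
+
+mysql_cnf_owner: 'mysql' # owner of /etc/mysql/*.cnf files
+mysql_cnf_group: 'mysql' # owner of /etc/mysql/*.cnf files
+
+mysql_hardening_group: 'mysql'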
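Review bot: The trailing comment on `mysql_cnf_group` says `# owner of /etc/mysql/*.cnf files`, which is the owner line's comment copied over. This file also sets `mysql_hardening_mysql_conf_file: '/etc/my.cnf'`, so the path named in both comments does not match this platform either. vars/RedHat_8.yml carries the same two comments. I would change them to `# owner of the my.cnf files` and `# group of the my.cnf files` so the ownership applied by the hardening tasks is described correctly.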
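--- a/vars/RedHat_8.yml
+++ b/vars/RedHat_8.yml
@@ -0,0 +1,12 @@
+---
+mysql_daemon: mariadb
+mysql_hardening_mysql_conf_file: '/etc/my.cnf'
+mysql_hardening_mysql_confd_dir: '/etc/my.cnf.d'
+mysql_hardening_log_dir: '/var/log/mariadb/mariadb.log'
+
+mysql_python_package: 'python3-mysqlclient'
+
+mysql_cnf_owner: 'mysql' # owner of /etc/mysql/*.cnf files
+mysql_cnf_group: 'mysql' # owner of /etc/mysql/*.cnf files
+
+mysql_hardening_group: 'mysql'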
|
@ -1,2 +0,0 @@
|
|||
---
|
||||
mysql_python_package: "python3-mysqldb"
|
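--- a/vars/Ubuntu_16.yml
+++ b/vars/Ubuntu_16.yml
@@ -0,0 +1,11 @@
+---
+mysql_daemon: mysql
+
+mysql_hardening_mysql_conf_file: '/etc/mysql/my.cnf'
+mysql_hardening_mysql_confd_dir: '/etc/mysql/conf.d'
+
+mysql_hardening_log_dir: '/var/log/mysql/error.log'
+
+mysql_hardening_group: 'adm'
+
+mysql_python_package: "python-mysqldb"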
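--- a/vars/Ubuntu_18.yml
+++ b/vars/Ubuntu_18.yml
@@ -0,0 +1,11 @@
+---
+mysql_daemon: mysql
+
+mysql_hardening_mysql_conf_file: '/etc/mysql/my.cnf'
+mysql_hardening_mysql_confd_dir: '/etc/mysql/conf.d'
+
+mysql_hardening_log_dir: '/var/log/mysql/error.log'
+
+mysql_hardening_group: 'adm'
+
+mysql_python_package: "python-mysqldb"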
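--- a/vars/Ubuntu_20.yml
+++ b/vars/Ubuntu_20.yml
@@ -0,0 +1,11 @@
+---
+mysql_daemon: mysql
+
+mysql_hardening_mysql_conf_file: '/etc/mysql/my.cnf'
+mysql_hardening_mysql_confd_dir: '/etc/mysql/conf.d'
+
+mysql_hardening_log_dir: '/var/log/mysql/error.log'
+
+mysql_hardening_group: 'adm'
+
+mysql_python_package: "python3-mysqldb"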
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
mysql_hardening_log_dir: '/var/log'
|
||||
mysql_hardening_log_file: 'mysql.log'
|
||||
|
||||
mysql_hardening_user: 'mysql' # owner of data
|
||||
|
|