ansible-collection-hardening/roles/mysql_hardening/defaults/main.yml
Sebastian Gumprich f295397611
add role argument spec for os, ssh, mysql (#687)
* add role argument spec for os, ssh, mysql

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* add role argument spec for os, ssh, mysql

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* remove variable in variable as it cannot be used in argument spec

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* fix wrong syntax

* fix spelling errors

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* cannot use vars before arg-spec validation

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* yamllint the arg-spec

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* add back variable

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* remove redundant setting in tests

* fix descriptions in mysql hardening to better reflect what they do

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* remove duplicate empty line

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* set correct defaults on to ssl options

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* remove left-over hidepid argument spec

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* remove license and author infos, this lives in the collection readme

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* fix styling

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* update some descriptions and sort them in the readme

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

* some more linting

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>

---------

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
Co-authored-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2023-08-07 14:30:59 +02:00

51 lines
2 KiB
YAML

---
# switch to enable/disable the role
mysql_hardening_enabled: true
mysql_daemon_enabled: true
mysql_hardening_restart_mysql: true
# Change this to your own, sufficiently strong MySQL root password
mysql_root_password: "-----====>SetR00tPa$$wordH3r3!!!<====-----"
# Directory where the .my.cnf with the MySQL root credentials will be installed
mysql_user_home: "{{ ansible_env.HOME }}"
# ensure the following parameters are set properly
mysql_remove_remote_root: true
mysql_remove_anonymous_users: true
mysql_remove_test_database: true
# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_skip-show-database
mysql_hardening_skip_show_database: true
# @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_skip-grant-tables
mysql_hardening_skip_grant_tables: false
# @see http://www.symantec.com/connect/articles/securing-mysql-step-step
# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_chroot
mysql_hardening_chroot: ""
mysql_hardening_options:
  # @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_safe-user-create
  safe-user-create: 1
  # @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option-mysqld-secure-auth
  secure-auth: 1
  # @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option-mysqld-symbolic-links
  skip-symbolic-links: 1
  # @see http://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar-local-infile
  local-infile: 0
  # @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option-mysqld-allow-suspicious-udfs
  allow-suspicious-udfs: 0
  # @see https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar-automatic-sp-privileges
  automatic-sp-privileges: 0
  # @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option-mysqld-secure-file-priv
  secure-file-priv: /tmp
  # @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_user
  user: "{{ mysql_hardening_user }}"
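
An added example, not part of the role or of this file: a small Python check that compares a MySQL option file against the `mysql_hardening_options` defaults listed above and reports drift. The function name, the constructed sample file, and the assumption that the options end up in a `[mysqld]` section are assumptions of this example.

```python
import configparser

# Expected values, copied from mysql_hardening_options on this page. The
# templated "user" entry is left out because its value is site-specific.
EXPECTED = {
    "safe-user-create": "1",
    "secure-auth": "1",
    "skip-symbolic-links": "1",
    "local-infile": "0",
    "allow-suspicious-udfs": "0",
    "automatic-sp-privileges": "0",
    "secure-file-priv": "/tmp",
}

# Constructed sample option file, not output of the role.
SAMPLE_CNF = """\
[mysqld]
safe-user-create = 1
secure_auth = 1
skip-symbolic-links
local-infile = 1
allow-suspicious-udfs = 0
secure-file-priv = /tmp
"""


def audit_mysqld(cnf_text, expected=EXPECTED):
    """Return {option: (expected, found)} for each missing or differing option."""
    parser = configparser.ConfigParser(
        allow_no_value=True, strict=False, interpolation=None
    )
    parser.read_string(cnf_text)
    found = {}
    if parser.has_section("mysqld"):
        for key, value in parser.items("mysqld"):
            # MySQL treats dashes and underscores in option names alike;
            # a bare boolean option (no "= value") means "enabled".
            found[key.replace("_", "-")] = "1" if value is None else value
    return {
        option: (want, found.get(option, "<missing>"))
        for option, want in expected.items()
        if found.get(option) != want
    }


if __name__ == "__main__":
    for option, (want, have) in audit_mysqld(SAMPLE_CNF).items():
        print(f"{option}: expected {want}, found {have}")
```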