# | Location | File | Last Modified |
---|---|---|---|
1 | MCCF_EDI_TAS_TASCore v2.0_Build_10.zip\MCCF_EDI_TAS_DevOps\mccf_devops\playbooks | remove_centrify_configs_tas.yml | Wed Apr 3 02:27:32 2019 UTC |
2 | MCCF_EDI_TAS_TASCore v2.0_Build_10.zip\MCCF_EDI_TAS_DevOps\mccf_devops\playbooks | remove_centrify_configs_tas.yml | Mon Apr 15 17:30:12 2019 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 2 | 496 |
Changed | 1 | 2 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | # Ansible Playbook | |
2 | # Dan McAl lister - PII | |
3 | # Version 1.0 | |
4 | # | |
5 | # De-Confi gure Centr ify | |
6 | # - Resto re SSHD_CO NFIG (Open SSH) | |
7 | # - Resto re PAM:sys tem-auth a nd PAM:ssh d configs | |
8 | # - Resto re /etc/ns switch.con f configs | |
9 | # - STOP Centrify S SH & disab le it | |
10 | # - START Open SSH & enable i t | |
11 | # | |
12 | --- | |
13 | - name: De -Configure Centrify | |
14 | hosts: " {{ var_hos ts }}" | |
15 | gather_f acts: no | |
16 | become: yes | |
17 | tasks: | |
18 | ||
19 | # - Res tore SSHD_ CONFIG (Op enSSH) | |
20 | - name: Verify BAS E OpenSSH Server Con fig file e xists | |
21 | blocki nfile: | |
22 | path : /etc/ssh /sshd_conf ig-base | |
23 | crea te: yes | |
24 | owne r: root | |
25 | grou p: root | |
26 | mode : 0600 | |
27 | mark er: "## {m ark} Added for RESCU E removal of VA Cent rify" | |
28 | cont ent: | | |
29 | # Default se ttings (no comments) for openS SH server | |
30 | Ho stKey /etc /ssh/ssh_h ost_rsa_ke y | |
31 | Ho stKey /etc /ssh/ssh_h ost_ecdsa_ key | |
32 | Ho stKey /etc /ssh/ssh_h ost_ed2551 9_key | |
33 | Sy slogFacili ty AUTHPRI V | |
34 | Au thorizedKe ysFile .ssh/aut horized_ke ys | |
35 | Pa sswordAuth entication yes | |
36 | Ch allengeRes ponseAuthe ntication yes | |
37 | GS SAPIAuthen tication y es | |
38 | GS SAPICleanu pCredentia ls no | |
39 | Us ePAM yes | |
40 | X1 1Forwardin g yes | |
41 | Us ePrivilege Separation sandbox # Default fo r new inst allations. | |
42 | Cl ientAliveI nterval 18 0 | |
43 | Ac ceptEnv LA NG LC_CTYP E LC_NUMER IC LC_TIME LC_COLLAT E LC_MONET ARY LC_MES SAGES | |
44 | Ac ceptEnv LC _PAPER LC_ NAME LC_AD DRESS LC_T ELEPHONE L C_MEASUREM ENT | |
45 | Ac ceptEnv LC _IDENTIFIC ATION LC_A LL LANGUAG E | |
46 | ||
47 | - name: Link the n ew BASE-ss hd-config file | |
48 | file: | |
49 | src: ./sshd_co nfig-base | |
50 | dest : /etc/ssh /sshd_conf ig | |
51 | owne r: root | |
52 | grou p: root | |
53 | mode : 0600 | |
54 | stat e: link | |
55 | forc e: yes | |
56 | back up: yes | |
57 | ||
58 | # - Res tore PAM:s ystem-auth and PAM:s shd config s | |
59 | - name: Install DE FAULT PAM sshd file | |
60 | blocki nfile: | |
61 | path : /etc/pam .d/sshd-ba se | |
62 | crea te: yes | |
63 | owne r: root | |
64 | grou p: root | |
65 | mode : 0644 | |
66 | mark er: "## {m ark} Added for RESCU E removal of VA Cent rify" | |
67 | cont ent: | | |
68 | # DEFAULT se ttings for SSHD PAM Authentica tion | |
69 | #% PAM-1.0 | |
70 | au th r equired pam_sepe rmit.so | |
71 | au th s ubstack password -auth | |
72 | au th i nclude postlogi n | |
73 | # Used with polkit to reauthoriz e users in remote se ssions | |
74 | -a uth o ptional pam_reau thorize.so prepare | |
75 | ac count r equired pam_nolo gin.so | |
76 | ac count i nclude password -auth | |
77 | pa ssword i nclude password -auth | |
78 | # pam_selinu x.so close should be the first session r ule | |
79 | se ssion r equired pam_seli nux.so clo se | |
80 | se ssion r equired pam_logi nuid.so | |
81 | # pam_selinu x.so open should onl y be follo wed by ses sions to b e executed in the us er context | |
82 | se ssion r equired pam_seli nux.so ope n env_para ms | |
83 | se ssion r equired pam_name space.so | |
84 | se ssion o ptional pam_keyi nit.so for ce revoke | |
85 | se ssion i nclude password -auth | |
86 | se ssion i nclude postlogi n | |
87 | # Used with polkit to reauthoriz e users in remote se ssions | |
88 | -s ession o ptional pam_reau thorize.so prepare | |
89 | ||
90 | - name: Link the n ew Centrif y-PAM-sshd file | |
91 | file: | |
92 | src: ./sshd-ba se | |
93 | dest : /etc/pam .d/sshd | |
94 | owne r: root | |
95 | grou p: root | |
96 | mode : 0644 | |
97 | stat e: link | |
98 | forc e: yes | |
99 | back up: yes | |
100 | ||
101 | - name: Create PAM system-au th setting s for Cent rify in sy tem-auth-v a-centrify | |
102 | blocki nfile: | |
103 | path : /etc/pam .d/system- auth-base | |
104 | crea te: yes | |
105 | owne r: root | |
106 | grou p: root | |
107 | mode : 0644 | |
108 | mark er: "## {m ark} Added for RESCU E removal of VA Cent rify" | |
109 | cont ent: | | |
110 | #% PAM-1.0 | |
111 | # This file is auto-ge nerated. | |
112 | # User chang es will be destroyed the next time authc onfig is r un. | |
113 | au th required pam_en v.so | |
114 | au th sufficient pam_un ix.so null ok try_fir st_pass | |
115 | au th requisite pam_su cceed_if.s o uid >= 1 000 quiet_ success | |
116 | au th required pam_de ny.so | |
117 | ||
118 | ac count required pam_un ix.so | |
119 | ac count sufficient pam_lo caluser.so | |
120 | ac count sufficient pam_su cceed_if.s o uid < 10 00 quiet | |
121 | ac count required pam_pe rmit.so | |
122 | ||
123 | pa ssword requisite pam_pw quality.so try_first _pass loca l_users_on ly retry=3 authtok_t ype= | |
124 | pa ssword sufficient pam_un ix.so sha5 12 shadow nullok try _first_pas s use_auth tok | |
125 | pa ssword required pam_de ny.so | |
126 | ||
127 | se ssion optional pam_ke yinit.so r evoke | |
128 | se ssion required pam_li mits.so | |
129 | -s ession optional pam_s ystemd.so | |
130 | se ssion [success=1 default=i gnore] pam _succeed_i f.so servi ce in cron d quiet us e_uid | |
131 | se ssion required pam_un ix.so | |
132 | ||
133 | - name: Link the n ew BASE-PA M-system-a uth file | |
134 | file: | |
135 | src: ./system- auth-base | |
136 | dest : /etc/pam .d/system- auth | |
137 | owne r: root | |
138 | grou p: root | |
139 | mode : 0644 | |
140 | stat e: link | |
141 | forc e: yes | |
142 | back up: yes | |
143 | ||
144 | # - Res tore /etc/ nsswitch.c onf config s | |
145 | - name: Create bas eline nsss witch.conf file | |
146 | blocki nfile: | |
147 | path : /etc/nss witch.conf -base | |
148 | crea te: yes | |
149 | owne r: root | |
150 | grou p: root | |
151 | mode : 0644 | |
152 | mark er: "## {m ark} Added for RESCU E removal of VA Cent rify" | |
153 | cont ent: | | |
154 | # | |
155 | # /etc/nsswi tch.conf | |
156 | # | |
157 | # An example Name Serv ice Switch config fi le. This f ile should be | |
158 | # sorted wit h the most -used serv ices at th e beginnin g. | |
159 | # | |
160 | # The entry '[NOTFOUND =return]' means that the searc h for an | |
161 | # entry shou ld stop if the searc h in the p revious en try turned | |
162 | # up nothing . Note tha t if the s earch fail ed due to some other reason | |
163 | # (like no N IS server responding ) then the search co ntinues wi th the | |
164 | # next entry . | |
165 | # | |
166 | # Valid entr ies includ e: | |
167 | # | |
168 | # nisp lus Use NIS+ ( NIS versio n 3) | |
169 | # nis Use NIS (N IS version 2), also called YP | |
170 | # dns Use DNS (D omain Name Service) | |
171 | # file s Use the lo cal files | |
172 | # db Use the lo cal databa se (.db) f iles | |
173 | # comp at Use NIS on compat mo de | |
174 | # hesi od Use Hesiod for user lookups | |
175 | # [NOT FOUND=retu rn] Stop searc hing if no t found so far | |
176 | # | |
177 | ||
178 | # To use db, put the " db" in fro nt of "fil es" for en tries you want to be | |
179 | # looked up first in t he databas es | |
180 | # | |
181 | # Example: | |
182 | #p asswd: db files n isplus nis | |
183 | #s hadow: db files n isplus nis | |
184 | #g roup: db files n isplus nis | |
185 | ||
186 | pa sswd: files sss | |
187 | sh adow: files sss | |
188 | gr oup: files sss | |
189 | #i nitgroups: files | |
190 | ||
191 | #h osts: db files n isplus nis dns | |
192 | ho sts: files dns myhostname | |
193 | ||
194 | # Example - obey only what nispl us tells u s... | |
195 | #s ervices: nisplus [ NOTFOUND=r eturn] fil es | |
196 | #n etworks: nisplus [ NOTFOUND=r eturn] fil es | |
197 | #p rotocols: nisplus [ NOTFOUND=r eturn] fil es | |
198 | #r pc: nisplus [ NOTFOUND=r eturn] fil es | |
199 | #e thers: nisplus [ NOTFOUND=r eturn] fil es | |
200 | #n etmasks: nisplus [ NOTFOUND=r eturn] fil es | |
201 | ||
202 | bo otparams: nisplus [N OTFOUND=re turn] file s | |
203 | ||
204 | et hers: files | |
205 | ne tmasks: files | |
206 | ne tworks: files | |
207 | pr otocols: files | |
208 | rp c: files | |
209 | se rvices: files sss | |
210 | ||
211 | ne tgroup: files sss | |
212 | ||
213 | pu blickey: nisplus | |
214 | ||
215 | au tomount: files | |
216 | al iases: files nisp lus | |
217 | ||
218 | - name: Link the n ew BASE ns switch.con f in for u se | |
219 | file: | |
220 | src: ./nsswitc h.conf-bas e | |
221 | dest : /etc/nss witch.conf | |
222 | owne r: root | |
223 | grou p: root | |
224 | mode : 0644 | |
225 | stat e: link | |
226 | forc e: yes | |
227 | back up: yes | |
228 | ||
229 | # - STO P Centrify SSH & dis able it | |
230 | - name: shutdown u p Centrify DC | |
231 | system d: | |
232 | name : centrify dc | |
233 | enab led: no | |
234 | stat e: stopped | |
235 | ignore _errors: y es | |
236 | ||
237 | - name: Turn Off C entrify-SS H | |
238 | system d: | |
239 | name : centrify -sshd | |
240 | enab led: no | |
241 | stat e: stopped | |
242 | ignore _errors: y es | |
243 | ||
244 | # - STA RT Open SS H & enable it | |
245 | - name: Turn On Op enSSH | |
246 | system d: | |
247 | name : sshd | |
248 | enab led: yes | |
249 | stat e: started |
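Review bot: The sshd_config-base block (listing lines 29-45) sets `PasswordAuthentication yes` and `X11Forwarding yes` but never sets `PermitRootLogin`, so root login is left at whatever the installed OpenSSH defaults to, and the system-auth-base block keeps `nullok` on both pam_unix.so lines (114 and 124) with no lockout module in the stack. I would add `PermitRootLogin no` and `PermitEmptyPasswords no` to the sshd block, change line 40 to `X11Forwarding no` unless forwarding is required, and drop `nullok` from the pam_unix.so entries. The restored /etc/pam.d/sshd-base pulls in `password-auth` (lines 71, 76, 77, 85), which this playbook does not rewrite, so if Centrify had modified that file SSH logins would presumably still pass through its version; that should be confirmed. The final task uses `state: started`, which does not restart an sshd that is already running, and nothing runs `sshd -t` against the new file before /etc/ssh/sshd_config is force-linked to it, so a validation step and a restart are worth adding. As far as I know the `file` module does not act on `backup: yes`, so the `force: yes` link tasks probably replace the existing files without keeping a copy.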