ansible-hardening/tasks/console.yml
Major Hayden fa11dd430b
Add idempotency check
This patch adds idempotency checking for the security role. It
ensures that no changes are made when the security role runs
multiple times against the same system.

Change-Id: Ia5df45ddc64b1af5149df64f3483f472b06d73f7
2016-07-22 10:52:49 -05:00


---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# V-38668 (cat1), hosts where systemd_running is false: keep the
# Ctrl-Alt-Delete reboot action in the init job file commented out, so the
# key sequence at the console no longer runs "shutdown -r now".
# The regexp matches the exec line whether or not it is already commented;
# a second run therefore finds the desired line in place and reports no change.
- name: V-38668 - The x86 Ctrl-Alt-Delete key sequence must be disabled (init)
  when: not systemd_running | bool
  tags: [console, cat1, V-38668]
  lineinfile:
    state: present
    dest: /etc/init/control-alt-delete.conf
    line: '#exec shutdown -r now "Control-Alt-Delete pressed"'
    regexp: '^(#)?exec shutdown -r now "Control-Alt-Delete pressed"'
# Read-only probe of ctrl-alt-del.target on systemd hosts; the result is
# stored in cad_mask_check for later conditions to inspect.
# systemctl status exits 0 when the unit is running and 3 when it is masked.
# NOTE(review): 3 is also returned for a unit that is merely inactive, so
# consumers should look for 'masked' in stdout rather than trust rc alone.
- name: Check if ctrl-alt-del.target is already masked (systemd)
  when: systemd_running | bool
  tags: [always, console, cat1, V-38668]
  command: systemctl status ctrl-alt-del.target
  register: cad_mask_check
  # A non-zero exit is an expected answer here, never a task failure.
  failed_when: false
  # The probe changes nothing on the host, so it must never report "changed".
  changed_when: false
  # Run the probe in check mode as well, so cad_mask_check is always defined.
  # NOTE(review): Ansible 2.2 deprecated always_run in favour of
  # "check_mode: no"; switch once the minimum supported Ansible allows it.
  always_run: true
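# V-38668 (cat1), systemd hosts: mask ctrl-alt-del.target so the console key
# sequence no longer triggers a reboot.
# cad_mask_check is registered by the preceding "systemctl status" probe.
# The mask command must run only when the unit is NOT yet masked. The earlier
# condition ("'masked' in ...") was inverted: an unhardened host was skipped
# and never received the control, while an already-masked host re-ran the
# command and reported "changed" on every play, defeating idempotency.
- name: V-38668 - The x86 Ctrl-Alt-Delete key sequence must be disabled (systemd)
  command: systemctl mask ctrl-alt-del.target
  when:
    # Conditions are ANDed in order; on non-systemd hosts the first one is
    # false and the stdout test below is not what decides the skip.
    - systemd_running | bool
    - "'masked' not in cad_mask_check.stdout"
  tags:
    - console
    - cat1
    - V-38668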
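# V-38593 (cat2): install the role's login_banner.txt as the pre-login banner.
# Ownership and mode are pinned explicitly so the banner stays root-owned and
# not writable by other users, whatever permissions an existing file carried;
# without them the copy module keeps the existing file's permissions.
# NOTE(review): /etc/issue.net is conventionally the banner for network
# logins, while the local console getty reads /etc/issue; confirm that this
# destination is the one intended for "console prompts".
- name: V-38593 - Display a login banner for console prompts
  copy:
    src: login_banner.txt
    dest: /etc/issue.net
    owner: root
    group: root
    mode: '0644'
  tags:
    - console
    - cat2
    - V-38593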