Fixed some TLS options, added user specific options.
parent
6c57574eb5
commit
2dee92f748
|
@ -10,9 +10,11 @@ vsftpd_ls_recurse_enable: "NO"
|
|||
vsftpd_local_root: /dev/null
|
||||
vsftpd_pasv_min_port: 49152
|
||||
vsftpd_pasv_max_port: 65534
|
||||
vsftpd_global_confi_dir: /etc/vsftpd
|
||||
vsftpd_global_config_dir: /etc/vsftpd
|
||||
vsftpd_user_config_enabled: False
|
||||
vsftpd_user_config_dir: '{{ vsftpd_global_config_dir }}/users'
|
||||
vsftpd_chroot_list_enable: "YES"
|
||||
vsftpd_chroot_list_file: '{{ vsftpd_global_confi_dir }}/chroot_list'
|
||||
vsftpd_chroot_list_file: '{{ vsftpd_global_config_dir }}/chroot_list'
|
||||
vsftpd_chroot_passwd_enable: "NO"
|
||||
vsftpd_chroot_local_user: "NO"
|
||||
vsftpd_iptables_rules: True
|
||||
|
@ -20,12 +22,11 @@ vsftpd_iptables_allowed_hosts:
|
|||
- 0.0.0.0/0
|
||||
|
||||
vsftp_chrooted_users: []
|
||||
# - { login: 'user1' }
|
||||
# - { login: 'user1', conf: [ 'local_umask=022', 'local_root=/some/foo/path' ] }
|
||||
# - { login: 'user2' }
|
||||
|
||||
vsftpd_manage_user_acls: True
|
||||
vsftpd_manage_real_users: False
|
||||
vsftpd_manage_valid_shells: False
|
||||
vsftpd_valid_shell: '/bin/true'
|
||||
|
||||
vsftpd_tls_enabled: True
|
||||
vsftpd_force_tls: True
|
||||
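Review bot: The commented example `# - { login: 'user1', conf: [ 'local_umask=022', 'local_root=/some/foo/path' ] }` does not say that `conf` is ignored unless `vsftpd_user_config_enabled` is true, and that variable defaults to `False` in the first hunk of this file. Someone who copies the example to confine a user with `local_root` gets no per-user file and no error, because the install task is skipped. I would add a comment above the example: `# conf: lines written verbatim to vsftpd_user_config_dir/<login>; only used when vsftpd_user_config_enabled is true`. The rename of `vsftpd_global_confi_dir` to `vsftpd_global_config_dir` is also worth a changelog line, since an inventory that still overrides the old name would presumably stop taking effect without any warning.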
|
|
|
@ -18,7 +18,7 @@
|
|||
yum: pkg=vsftpd state=present
|
||||
|
||||
- name: Install the vsftpd configuration file
|
||||
template: src=vsftpd.conf.j2 dest={{ vsftpd_global_confi_dir }}/vsftpd.conf mode=0444 owner=root group=root
|
||||
template: src=vsftpd.conf.j2 dest={{ vsftpd_global_config_dir }}/vsftpd.conf mode=0444 owner=root group=root
|
||||
notify: Restart the vsftpd server
|
||||
tags: [ 'vsftpd', 'ftp', 'vsftpd_conf' ]
|
||||
|
||||
|
@ -27,9 +27,27 @@
|
|||
|
||||
- name: Global configuration
|
||||
block:
|
||||
- name: Create the global config directory
|
||||
file: dest={{ vsftpd_global_config_dir }} state=directory mode='0755' owner=root group=root
|
||||
|
||||
- name: Install the chroot list file
|
||||
template: src=vsftpd_chroot_list.j2 dest={{ vsftpd_chroot_list_file }} mode=0444 owner=root group=root
|
||||
|
||||
- name: Create the user configs directory
|
||||
file: dest={{ vsftpd_user_config_dir }} state=directory mode='0750' owner=root group=root
|
||||
when: vsftpd_user_config_enabled
|
||||
|
||||
- name: Install the users configurations
|
||||
template: src=vsftpd_user_config.j2 dest={{ vsftpd_user_config_dir }}/{{ item.login }} mode=0444 owner=root group=root
|
||||
with_items: '{{ vsftp_chrooted_users }}'
|
||||
when:
|
||||
- vsftpd_user_config_enabled
|
||||
- item.conf is defined
|
||||
|
||||
- name: Make /bin/true a valid shell
|
||||
lineinfile: name=/etc/shells line="{{ vsftpd_valid_shell }}"
|
||||
when: vsftpd_manage_valid_shells
|
||||
|
||||
tags: [ 'vsftpd', 'ftp', 'vsftpd_conf' ]
|
||||
|
||||
- name: vsftpd service
|
||||
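Review bot: In `Install the users configurations`, `dest={{ vsftpd_user_config_dir }}/{{ item.login }}` is built in key=value form from an unchecked `item.login`. A login containing a space is therefore parsed as extra module arguments, and one containing `/` or `..` moves the target outside the user config directory. The files are created with `owner=root`, so the play presumably runs privileged and the file lands wherever that path resolves. I would write this task with YAML-dictionary arguments and use `dest: '{{ vsftpd_user_config_dir }}/{{ item.login | basename }}'`. The other `template:` and `file:` tasks in the block use the same key=value form with templated paths and would benefit from the same conversion.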
|
|
|
@ -122,11 +122,15 @@ pam_service_name=vsftpd
|
|||
ssl_enable=YES
|
||||
ssl_sslv2=NO
|
||||
ssl_sslv3=NO
|
||||
{% if ansible_distribution_version is version_compare('18.04', '>=') %}
|
||||
{% if ansible_distribution_version is version_compare('18.04', '==') and ansible_distribution_file_variety == "Debian" %}
|
||||
ssl_tlsv1=NO
|
||||
{% endif %}
|
||||
{% if ansible_distribution_version is version_compare('20.04', '>=') and ansible_distribution_file_variety == "Debian" %}
|
||||
ssl_tlsv1=NO
|
||||
ssl_tlsv1_1=NO
|
||||
ssl_tlsv1_2=YES
|
||||
{% else %}
|
||||
{% endif %}
|
||||
{% if ansible_distribution_version is version_compare('16.04', '<=') and ansible_distribution_file_variety == "Debian" %}
|
||||
ssl_tlsv1=YES
|
||||
{% endif %}
|
||||
ca_certs_file={{ vsftpd_ssl_ca_certificate }}
|
||||
|
@ -150,3 +154,6 @@ chroot_list_file={{ vsftpd_chroot_list_file }}
|
|||
passwd_chroot_enable={{ vsftpd_chroot_passwd_enable }}
|
||||
chroot_local_user={{ vsftpd_chroot_local_user }}
|
||||
|
||||
{% if vsftpd_user_config_enabled %}
|
||||
user_config_dir={{ vsftpd_user_config_dir }}
|
||||
{% endif %}
|
||||
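Review bot: The three protocol conditions test `ansible_distribution_file_variety == "Debian"` while comparing against Ubuntu release numbers. As far as I know that fact is also "Debian" on Debian itself, where versions such as 10 or 11 satisfy `version_compare('16.04', '<=')` and so receive `ssl_tlsv1=YES`. Ubuntu releases between 18.04 and 20.04, and every non-Debian host (the role also installs via yum), match no branch and fall back to vsftpd's built-in protocol defaults. I would key the checks on the distribution name and close the gap, for example `{% if ansible_distribution == "Ubuntu" and ansible_distribution_version is version_compare('16.04', '<=') %}`, and emit an explicit `ssl_tlsv1=NO` for every platform not known to need TLS 1.0.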
|
|
|
@ -0,0 +1,5 @@
|
|||
{% if item.conf is defined %}
|
||||
{% for data in item.conf %}
|
||||
{{ data }}
|
||||
{% endfor %}
|
||||
{% endif %}
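Review bot: Each `item.conf` entry is emitted at `{{ data }}` exactly as given, with no check on its shape. vsftpd rejects spaces around `=`, so a stray space or embedded newline in an entry produces a per-user file that may fail to parse at login. Per-user files can also override global options, so it is worth documenting that these lines can change chroot-related settings for that user. I would change the line to `{{ data | trim }}` and open the template with a Jinja comment stating that the file holds one `option=value` per line, taken verbatim from `vsftp_chrooted_users[].conf`. The outer `{% if item.conf is defined %}` repeats the task's `when: item.conf is defined` and could be dropped.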
|