---
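# Logical dump of every database on the managed host. With `name: all` the
# dump also contains the `mysql` system schema, i.e. account names and
# password hashes, so the resulting file must be treated as a secret.
# master_data: 1 additionally records the binary-log coordinates in the dump.
#
# NOTE(review): /tmp is world-writable and the file name is fixed, so any
# local user can predict the path, and the mode of the new file depends on
# the umask of the dumping process. The path is kept for compatibility;
# prefer a directory that only the backup/DBA account can enter.
- name: Dump all databases to /tmp/dump.sql including master data
  community.mysql.mysql_db:
    state: dump
    name: all
    target: /tmp/dump.sql
    master_data: 1

# Tighten the dump right after it is written. This does not close the short
# window between creation and chmod; a private target directory would.
- name: Restrict permissions on the database dump
  ansible.builtin.file:
    path: /tmp/dump.sql
    state: file
    mode: '0600'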
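# Main option file: owner read/write, group read, no access for others.
# my.cnf may carry credentials (e.g. a [client] password), so it should not
# be world-readable.
- name: protect my.cnf
  # Fully qualified module name, matching the community.mysql.* tasks here.
  ansible.builtin.file:
    path: '{{ mysql_hardening_mysql_conf_file }}'
    # state: file only adjusts an existing file; the task fails if the
    # path does not exist instead of creating an empty config.
    state: file
    # If the path is a symlink, apply owner/group/mode to its target.
    follow: true
    owner: '{{ mysql_cnf_owner }}'
    group: '{{ mysql_cnf_group }}'
    mode: '0640'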
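# Data directory: full access for the owner, read/traverse for the group,
# nothing for others, so table files cannot be read by unrelated accounts.
- name: ensure permissions on mysql-datadir are correct
  # Fully qualified module name, matching the community.mysql.* tasks here.
  ansible.builtin.file:
    path: '{{ mysql_datadir }}'
    state: directory
    owner: '{{ mysql_hardening_user }}'
    # NOTE(review): the group is taken from mysql_hardening_user, while the
    # log-file and conf.d tasks use mysql_hardening_group. Confirm this is
    # intended; the two differ whenever user and group names are not equal.
    group: '{{ mysql_hardening_user }}'
    mode: '0750'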
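# Server log: owner read/write, group read, no access for others. Logs can
# reveal statements, account names and host details.
- name: ensure permissions on mysql-logfile are correct
  # Fully qualified module name, matching the community.mysql.* tasks here.
  ansible.builtin.file:
    path: '{{ mysql_hardening_log_file }}'
    # state: file requires the log file to exist already; the task fails
    # rather than creating it.
    state: file
    owner: '{{ mysql_hardening_user }}'
    group: '{{ mysql_hardening_group }}'
    mode: '0640'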
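# Drop-in configuration directory: created if missing, writable only by the
# owner. Every file in it is loaded through the !includedir directive added
# by the next task, so write access here means control over server options.
- name: check mysql configuration-directory exists and has right permissions
  # Fully qualified module name, matching the community.mysql.* tasks here.
  ansible.builtin.file:
    path: '{{ mysql_hardening_mysql_confd_dir }}'
    state: directory
    owner: '{{ mysql_hardening_user }}'
    group: '{{ mysql_hardening_group }}'
    mode: '0750'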
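# Make sure my.cnf pulls in the drop-in directory. The line is appended at
# the end of the file when it is missing, and the handler restarts the
# server so the included options take effect.
- name: check include-dir directive is present in my.cnf
  # Fully qualified module name, matching the community.mysql.* tasks here.
  ansible.builtin.lineinfile:
    # `path` is the canonical parameter name; `dest` is an alias for it.
    path: '{{ mysql_hardening_mysql_conf_file }}'
    line: '!includedir {{ mysql_hardening_mysql_confd_dir }}'
    insertafter: 'EOF'
    state: present
    # NOTE(review): backup leaves a timestamped copy of my.cnf next to the
    # original; verify that copy keeps a restrictive mode and gets cleaned up.
    backup: true
  notify: Restart MySQL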
# Anonymous accounts (empty user name) allow connections without naming a
# user; delete them for every host entry they exist under.
# NOTE(review): no login_* parameters are given here, so the module
# presumably relies on credentials configured elsewhere - confirm.
- name: Removes all anonymous user accounts
  community.mysql.mysql_user:
    # The empty string selects the anonymous account.
    name: ""
    # Apply to all hosts the account is defined for, not a single host.
    host_all: true
    state: absent