53 lines
2.0 KiB
YAML
53 lines
2.0 KiB
YAML
---
|
|
# switcher to enable/disable role
|
|
mysql_hardening_enabled: true
|
|
|
|
mysql_daemon_enabled: true
|
|
|
|
# general configuration
|
|
mysql_datadir: '/var/lib/mysql'
|
|
# You have to change this to your own strong enough mysql root password
|
|
mysql_root_password: 'root_1337'
|
|
# There .my.cnf with mysql root credentials will be installed
|
|
mysql_user_home: "{{ ansible_env.HOME}}"
|
|
|
|
# ensure the following parameters are set properly
|
|
mysql_remove_remote_root: true
|
|
mysql_remove_anonymous_users: true
|
|
mysql_remove_test_database: true
|
|
|
|
# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_skip-show-database
|
|
mysql_hardening_skip_show_database: true
|
|
|
|
# @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_skip-grant-tables
|
|
mysql_hardening_skip_grant_tables: false
|
|
|
|
# @see http://www.symantec.com/connect/articles/securing-mysql-step-step
|
|
# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_chroot
|
|
mysql_hardening_chroot: ""
|
|
mysql_hardening_user: "mysql"
|
|
|
|
mysql_hardening_options:
|
|
# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_safe-user-create
|
|
safe-user-create: 1
|
|
|
|
# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option-mysqld-secure-auth
|
|
secure-auth: 1
|
|
|
|
# @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option-mysqld-symbolic-links
|
|
skip-symbolic-links: 1
|
|
|
|
# @see http://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar-local-infile
|
|
local-infile: 0
|
|
|
|
# @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option-mysqld-allow-suspicious-udfs
|
|
allow-suspicious-udfs: 0
|
|
|
|
# @see https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar-automatic-sp-privileges
|
|
automatic-sp-privileges: 0
|
|
|
|
# @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option-mysqld-secure-file-priv
|
|
secure-file-priv: '/tmp'
|
|
# @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_user
|
|
user: '{{mysql_hardening_user}}'
|