Uppercased first letter of task names. (#422)

Signed-off-by: Farid Joubbi <[email protected]>

Author: joubbi

roles/mysql_hardening/handlers/main.yml

@@ -1,6 +1,6 @@
 ---
 
-- name: restart mysql
+- name: Restart mysql
   service:
     name: '{{ mysql_daemon }}'
     state: restarted

roles/mysql_hardening/tasks/configure.yml

@@ -1,5 +1,5 @@
 ---
-- name: protect my.cnf
+- name: Protect my.cnf
   file:
     path: '{{ mysql_hardening_mysql_conf_file }}'
     mode: '0640'
@@ -8,49 +8,49 @@
     follow: true
     state: file
 
-- name: ensure permissions on mysql-datadir are correct
+- name: Ensure permissions on mysql-datadir are correct
   file:
     path: '{{ mysql_datadir }}'
     state: directory
     owner: '{{ mysql_hardening_user }}'
     group: '{{ mysql_hardening_user }}'
     mode: '0750'
 
-- name: ensure permissions on mysql-logfile are correct
+- name: Ensure permissions on mysql-logfile are correct
   file:
     path: '{{ mysql_hardening_log_file }}'
     state: file
     owner: '{{ mysql_hardening_user }}'
     group: '{{ mysql_hardening_group }}'
     mode: '0640'
 
-- name: check mysql configuration-directory exists and has right permissions
+- name: Check mysql configuration-directory exists and has right permissions
   file:
     path: '{{ mysql_hardening_mysql_confd_dir }}'
     state: directory
     owner: '{{ mysql_hardening_user }}'
     group: '{{ mysql_hardening_group }}'
     mode: '0750'
 
-- name: check include-dir directive is present in my.cnf
+- name: Check include-dir directive is present in my.cnf
   lineinfile:
     dest: '{{ mysql_hardening_mysql_conf_file }}'
     line: '!includedir {{ mysql_hardening_mysql_confd_dir }}'
     insertafter: 'EOF'
     state: present
     backup: true
-  notify: restart mysql
+  notify: Restart mysql
 
-- name: apply hardening configuration
+- name: Apply hardening configuration
   template:
     src: 'hardening.cnf.j2'
     dest: '{{ mysql_hardening_mysql_hardening_conf_file }}'
     owner: '{{ mysql_cnf_owner }}'
     group: '{{ mysql_cnf_group }}'
     mode: '0640'
-  notify: restart mysql
+  notify: Restart mysql
 
-- name: enable mysql
+- name: Enable mysql
   service:
     name: '{{ mysql_daemon }}'
     enabled: '{{ mysql_daemon_enabled }}'

roles/mysql_hardening/tasks/mysql_secure_installation.yml

@@ -1,40 +1,40 @@
 ---
-- name: fail the role if the mysql root password was not set
+- name: Fail the role if the mysql root password was not set
   fail:
     msg: 'ERROR - you have to change default mysql_root_password'
   when: mysql_root_password == '-----====>SetR00tPa$$wordH3r3!!!<====-----'
 
-- name: root password is present
+- name: Root password is present
   mysql_user:
     name: 'root'
     host_all: true
     password: '{{ mysql_root_password | mandatory }}'
     state: present
     login_unix_socket: "{{ login_unix_socket | default(omit) }}"
 
-- name: install .my.cnf with credentials
+- name: Install .my.cnf with credentials
   template:
     src: 'my.cnf.j2'
     dest: '{{ mysql_user_home }}/.my.cnf'
     mode: '0400'
   tags: my_cnf
 
-- name: test database is absent
+- name: Test database is absent
   mysql_db:
     name: test
     state: absent
     login_unix_socket: "{{ login_unix_socket | default(omit) }}"
   when: mysql_remove_test_database
 
-- name: anonymous users are absent
+- name: Anonymous users are absent
   mysql_user:
     name: ''
     state: absent
     host_all: true
     login_unix_socket: "{{ login_unix_socket | default(omit) }}"
   when: mysql_remove_anonymous_users
 
-- name: remove remote root
+- name: Remove remote root
   community.mysql.mysql_query:
     query:
       - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')

roles/nginx_hardening/handlers/main.yml

@@ -1,5 +1,5 @@
 ---
-- name: restart nginx
+- name: Restart nginx
   service:
     name: "nginx"
     state: restarted

roles/nginx_hardening/tasks/main.yml

@@ -1,14 +1,14 @@
 ---
-- name: create additional configuration
+- name: Create additional configuration
   template:
     src: "hardening.conf.j2"
     dest: "/etc/nginx/conf.d/90.hardening.conf"
     mode: '0600'
     owner: "root"
     group: "root"
-  notify: restart nginx
+  notify: Restart nginx
 
-- name: change configuration in main nginx.conf
+- name: Change configuration in main nginx.conf
   lineinfile:
     dest: "/etc/nginx/nginx.conf"
     regexp: '^\s*server_tokens'
@@ -17,9 +17,9 @@
     mode: '0640'
     owner: "root"
     group: "root"
-  notify: restart nginx
+  notify: Restart nginx
 
-- name: change ssl_protocols in main nginx.conf
+- name: Change ssl_protocols in main nginx.conf
   lineinfile:
     dest: "/etc/nginx/nginx.conf"
     regexp: '^\s*ssl_protocols'
@@ -28,9 +28,9 @@
     mode: '0640'
     owner: "root"
     group: "root"
-  notify: restart nginx
+  notify: Restart nginx
 
-- name: change ssl_prefer_server_ciphers in main nginx.conf
+- name: Change ssl_prefer_server_ciphers in main nginx.conf
   lineinfile:
     dest: "/etc/nginx/nginx.conf"
     regexp: '^\s*ssl_prefer_server_ciphers'
@@ -39,9 +39,9 @@
     mode: '0640'
     owner: "root"
     group: "root"
-  notify: restart nginx
+  notify: Restart nginx
 
-- name: change client_max_body_size in main nginx.conf
+- name: Change client_max_body_size in main nginx.conf
   lineinfile:
     dest: "/etc/nginx/nginx.conf"
     regexp: '^\s*client_max_body_size'
@@ -50,9 +50,9 @@
     mode: '0640'
     owner: "root"
     group: "root"
-  notify: restart nginx
+  notify: Restart nginx
 
-- name: change client_body_buffer_size in main nginx.conf
+- name: Change client_body_buffer_size in main nginx.conf
   lineinfile:
     dest: "/etc/nginx/nginx.conf"
     regexp: '^\s*client_body_buffer_size'
@@ -61,9 +61,9 @@
     mode: '0640'
     owner: "root"
     group: "root"
-  notify: restart nginx
+  notify: Restart nginx
 
-- name: change keepalive_timeout in main nginx.conf
+- name: Change keepalive_timeout in main nginx.conf
   lineinfile:
     dest: "/etc/nginx/nginx.conf"
     regexp: '^\s*keepalive_timeout'
@@ -72,23 +72,23 @@
     mode: '0640'
     owner: "root"
     group: "root"
-  notify: restart nginx
+  notify: Restart nginx
 
-- name: remove default.conf
+- name: Remove default.conf
   file:
     path: "{{ item }}"
     state: absent
   when: nginx_remove_default_site
-  notify: restart nginx
+  notify: Restart nginx
   loop:
     - "/etc/nginx/conf.d/default.conf"
     - "/etc/nginx/sites-enabled/default"
 
-- name: generate dh group
+- name: Generate dh group
   openssl_dhparam:
     path: "/etc/nginx/dh{{ nginx_dh_size }}.pem"
     size: "{{ nginx_dh_size }}"
     mode: '0640'
     owner: "root"
     group: "root"
-  notify: restart nginx
+  notify: Restart nginx

roles/os_hardening/handlers/main.yml

@@ -1,3 +1,3 @@
 ---
-- name: update-initramfs
+- name: Update-initramfs
   command: 'update-initramfs -u'

roles/os_hardening/tasks/apt.yml

@@ -1,5 +1,5 @@
 ---
-- name: remove deprecated or insecure packages | package-01 - package-09
+- name: Remove deprecated or insecure packages | package-01 - package-09
   apt:
     name: '{{ os_security_packages_list }}'
     state: 'absent'

roles/os_hardening/tasks/auditd.yml

@@ -1,10 +1,10 @@
 ---
-- name: install auditd package | package-08
+- name: Install auditd package | package-08
   package:
     name: '{{ auditd_package }}'
     state: 'present'
 
-- name: configure auditd | package-08
+- name: Configure auditd | package-08
   template:
     src: 'etc/audit/auditd.conf.j2'
     dest: '/etc/audit/auditd.conf'

roles/os_hardening/tasks/limits.yml

@@ -1,14 +1,14 @@
 ---
 - block:
-  - name: create limits.d-directory if it does not exist | sysctl-31a, sysctl-31b
+  - name: Create limits.d-directory if it does not exist | sysctl-31a, sysctl-31b
     file:
       path: '/etc/security/limits.d'
       owner: 'root'
       group: 'root'
       mode: '0755'
       state: 'directory'
 
-  - name: create additional limits config file -> 10.hardcore.conf | sysctl-31a, sysctl-31b
+  - name: Create additional limits config file -> 10.hardcore.conf | sysctl-31a, sysctl-31b
     pam_limits:
       dest: '/etc/security/limits.d/10.hardcore.conf'
       domain: '*'
@@ -17,7 +17,7 @@
       value: '0'
       comment: Prevent core dumps for all users. These are usually not needed and may contain sensitive information
 
-  - name: set 10.hardcore.conf perms to 0400 and root ownership
+  - name: Set 10.hardcore.conf perms to 0400 and root ownership
     file:
       path: /etc/security/limits.d/10.hardcore.conf
       owner: 'root'
@@ -29,7 +29,7 @@
 
   when: not os_security_kernel_enable_core_dump | bool
 
-- name: remove 10.hardcore.conf config file
+- name: Remove 10.hardcore.conf config file
   file:
     path: /etc/security/limits.d/10.hardcore.conf
     state: absent

roles/os_hardening/tasks/login_defs.yml

@@ -1,5 +1,5 @@
 ---
-- name: create login.defs | os-05, os-05b
+- name: Create login.defs | os-05, os-05b
   template:
     src: 'etc/login.defs.j2'
     dest: '/etc/login.defs'