ibm.storage_virtualize.ibm_sv_manage_security (2.3.1) — module

This module manages security options on IBM Storage Virtualize family storage systems

Added in version 2.1.0 of ibm.storage_virtualize

Authors: Sumit Kumar Gupta (@sumitguptaibm)

Install collection

Install with ansible-galaxy collection install ibm.storage_virtualize:==2.3.1


Add to requirements.yml

  collections:
    - name: ibm.storage_virtualize
      version: 2.3.1

Description

Ansible interface to manage the 'chsecurity' command.

Usage examples

- name: Change max failed login limit
  ibm.storage_virtualize.ibm_sv_manage_security:
   clustername: "{{cluster}}"
   username: "{{username}}"
   password: "{{password}}"
   log_path: /tmp/playbook.debug
   maxfailedlogins: 5
- name: Change SSH protocol level
  ibm.storage_virtualize.ibm_sv_manage_security:
   clustername: "{{cluster}}"
   username: "{{username}}"
   password: "{{password}}"
   log_path: /tmp/playbook.debug
   sshprotocol: 2
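
A hardening play built from the parameters documented under Inputs, as an added example rather than one of the collection's own: it authenticates with a token instead of passing the password to every task, enables validate_certs, and sets the interdependent lockout and password-history options together. The hostname, the sv_username and sv_password variables, the chosen values, and the token return field and validate_certs option of ibm_svc_auth are assumptions.

```yaml
# Added example: values are constructed to fit the documented ranges.
- name: Harden security settings on a Storage Virtualize system
  hosts: localhost
  gather_facts: false
  vars:
    cluster: sv-cluster.example.com   # placeholder hostname
  tasks:
    - name: Obtain a REST API token so later tasks carry no password
      ibm.storage_virtualize.ibm_svc_auth:
        clustername: "{{ cluster }}"
        username: "{{ sv_username }}"   # assumed to be vaulted variables
        password: "{{ sv_password }}"
        validate_certs: true            # assumed to be supported here too
      register: sv_auth
      no_log: true   # keep the credentials and the token out of task output

    - name: Apply SSH, lockout, session and password policy
      ibm.storage_virtualize.ibm_sv_manage_security:
        clustername: "{{ cluster }}"
        token: "{{ sv_auth.token }}"   # assumes ibm_svc_auth returns 'token'
        validate_certs: true           # the module default is false
        # SSH: level 3 is the only level with no SHA-1 key exchange method
        sshprotocol: 3
        sshmaxtries: 3
        sshgracetime: 60
        # Lockout: maxfailedlogins 0 would disable locking, and
        # lockoutperiod 0 would lock the account indefinitely
        maxfailedlogins: 5
        lockoutperiod: 30
        # Idle CLI and GUI sessions, and REST token lifetime, in minutes
        clitimeout: 15
        guitimeout: 15
        restapitimeout: 30
        # Password policy: minpasswordage is enforced only when
        # checkpasswordhistory is 'yes', and does nothing if it is
        # greater than passwordexpiry
        minpasswordlength: 14
        passworduppercase: 1
        passwordlowercase: 1
        passworddigits: 1
        passwordspecialchars: 1
        checkpasswordhistory: 'yes'
        maxpasswordhistory: 10
        minpasswordage: 1
        passwordexpiry: 90
        expirywarning: 14
```

Raising sshprotocol removes key exchange methods, so confirm that the SSH clients used for administration support one of the level 3 methods before applying it.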

Inputs

    
token:
    description:
    - The authentication token to verify a user on the Storage Virtualize storage system.
    - To generate a token, use the ibm_svc_auth module.
    type: str

domain:
    description:
    - Domain for the Storage Virtualize storage system.
    - Valid when hostname is used for the parameter I(clustername).
    type: str

log_path:
    description:
    - Path of debug log file.
    type: str

password:
    description:
    - REST API password for the Storage Virtualize storage system.
    - The parameters I(username) and I(password) are required if not using I(token) to
      authenticate a user.
    type: str

username:
    description:
    - REST API username for the Storage Virtualize storage system.
    - The parameters I(username) and I(password) are required if not using I(token) to
      authenticate a user.
    type: str

clitimeout:
    description:
    - Specifies the amount of time (in minutes) in range 5 - 240 before a session expires
      and the user is logged out of the CLI for inactivity.
    type: int

guitimeout:
    description:
    - Specifies the amount of time (in minutes) in range 5 - 240 before a session expires
      and the user is logged out of the GUI for inactivity.
    type: int

clustername:
    description:
    - The hostname or management IP of the Storage Virtualize storage system.
    required: true
    type: str

sshmaxtries:
    description:
    - Specifies the number of allowed login attempts (in range 1 - 10) per single SSH
      connection.
    type: int

sshprotocol:
    description:
    - Specifies the numeric value for the SSH security level setting in range 1 - 3.
    - Level 1 allows the key exchange methods curve25519-sha256, curve25519-sha256@libssh.org,
      ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256,
      diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256,
      diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, diffie-hellman-group-exchange-sha1
    - Level 2 allows the key exchange methods curve25519-sha256, curve25519-sha256@libssh.org,
      ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256,
      diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256,
      diffie-hellman-group14-sha1
    - Level 3 allows the key exchange methods curve25519-sha256, curve25519-sha256@libssh.org,
      ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256,
      diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, diffie-hellman-group14-sha256
    type: int

sshgracetime:
    description:
    - Specifies the duration of time in seconds, in range 15 - 1800, that a user has to enter
      login factors per SSH connection before the connection is terminated.
    type: int

expirywarning:
    description:
    - Specifies the number of days in range 0 - 30 before a password expires to raise a
      warning. The warning is displayed on every CLI login until the password is changed.
      A value of 0 means that the feature is disabled and warnings are not displayed.
    type: int

lockoutperiod:
    description:
    - Specifies the number of minutes in range 0 - 10080 that a user is locked out for
      if the max failed logins value is reached. A value of 0 implies the user is indefinitely
      locked out when the max failed login attempts are reached.
    type: int

minpasswordage:
    description:
    - Specifies the minimum number of days between password changes in range 0 - 365. This
      setting is enforced if checkpasswordhistory is enabled. This restriction is ignored
      if the password is expired. The setting does nothing if the value is greater than
      the passwordexpiry value.
    type: int

passworddigits:
    description:
    - Specifies the minimum number of digits in range 0 - 3 required in passwords for local
      users.
    type: int

passwordexpiry:
    description:
    - Specifies the number of days in range 0 - 365 before a password expires. A value
      of 0 means the feature is disabled and passwords do not expire.
    type: int

restapitimeout:
    description:
    - Specifies token expiry time in minutes in the range 10 - 120.
    type: int

validate_certs:
    default: false
    description:
    - Validates the certificate. With the default of false, the certificate is not validated.
    type: bool

maxfailedlogins:
    description:
    - Specifies the number of failed login attempts in range 0 - 10 before the user account
      is locked for the amount of time that is specified in lockout period. A value of
      0 means that the feature is disabled and accounts are not locked out after failed
      login attempts.
    type: int

resetsshprotocol:
    description:
    - Resets the SSH protocol security level to the default value 3 and configures the
      system to automatically follow the suggested level.
    type: bool

superuserlocking:
    choices:
    - enable
    - disable
    description:
    - Specifies whether the locking policy configured on the system also applies to the
      superuser. The value is either enable or disable. This parameter is only supported
      on systems with a dedicated technician port.
    type: str

minpasswordlength:
    description:
    - Specifies the minimum length requirement in range 6 - 64 for user account passwords
      on the system.
    type: int

passwordlowercase:
    description:
    - Specifies the minimum number of lowercase characters in range 0 - 3 required in passwords
      for local users.
    type: int

passworduppercase:
    description:
    - Specifies the minimum number of uppercase characters in range 0 - 3 required in passwords
      for local users.
    type: int

maxpasswordhistory:
    description:
    - Specifies the number of previous passwords in range 0 - 10 to compare with if checkpasswordhistory
      is enabled. A value of 0 means that the new password is compared with the current
      password only.
    type: int

disablesuperusercim:
    choices:
    - 'yes'
    - 'no'
    description:
    - Specifies whether CIMOM access must be disabled for the superuser.
    type: str

disablesuperusergui:
    choices:
    - 'yes'
    - 'no'
    description:
    - Specifies whether GUI access must be disabled for the superuser.
    type: str

checkpasswordhistory:
    choices:
    - 'yes'
    - 'no'
    description:
    - Specifies whether the system prevents the user from reusing a previous password.
    type: str

disablesuperuserrest:
    choices:
    - 'yes'
    - 'no'
    description:
    - Specifies whether REST API access must be disabled for the superuser.
    type: str

passwordspecialchars:
    description:
    - Specifies the minimum number of special characters in range 0 - 3 required in passwords
      for local users.
    type: int

superusermultifactor:
    choices:
    - 'yes'
    - 'no'
    description:
    - Specifies whether the superuser should be prompted for multifactor authentication.
    type: str

superuserpasswordkeyrequired:
    choices:
    - 'yes'
    - 'no'
    description:
    - Specifies whether the superuser must provide both a password and SSH key for authentication.
    type: str