logjam mitigation.

1 files changed, 9 insertions, 3 deletions

diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 3b3c0a5..4e85d0a 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,39 +1,45 @@
 ---
 - include: sysctl.yml   tags=sysctl
 - include: hosts.yml
 - include: apt.yml      tags=apt
 - name: Install intel-microcode
   apt: pkg=intel-microcode
   when: "ansible_processor[0] | search('^Intel.*') and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')"
   tags: intel
 - include: firewall.yml tags=firewall,iptables
 - include: samhain.yml  tags=samhain
 - include: auditd.yml   tags=auditd
 - include: rkhunter.yml tags=rkhunter
 - include: clamav.yml   tags=clamav
 - include: fail2ban.yml tags=fail2ban
 - include: smart.yml    tags=smartmontools,smart
   when: "not ((ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen') or ansible_system_vendor == 'QEMU')"
 - include: haveged.yml  tags=haveged,entropy
-- name: Copy genkeypair.sh
-  copy: src=usr/local/bin/genkeypair.sh
-        dest=/usr/local/bin/genkeypair.sh
+- name: Copy genkeypair.sh and gendhparam.sh
+  copy: src=usr/local/bin/{{ item }}
+        dest=/usr/local/bin/{{ item }}
         owner=root group=root
         mode=0755
   tags: genkey
+  with_items:
+    - genkeypair.sh
+    - gendhparam.sh
+- name: Generate DH parameters
+  command: gendhparam.sh /etc/ssl/private/dhparams.pem creates=/etc/ssl/private/dhparams.pem
+  tags: genkey
 - include: logging.yml  tags=logging
 - include: ntp.yml      tags=ntp
 - include: mail.yml     tags=mail,postfix
 
 - name: Install common packages
   apt: pkg={{ item }}
   with_items:
     - ca-certificates
     - etckeeper
     - ethtool
     - git
     - htop
     - molly-guard
     - rsync
     - screen
     - telnet-ssl