Merge pull request #27 from OT-OSM/configure_secure_boot_al2

oo4abhishek · web-flow · commit b504234409e9 · 2025-11-05T17:17:11.000+05:30
Configure Secure Boot Setting AL2
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -49,3 +49,9 @@
   ansible.builtin.systemd:
     name: systemd-journald
     state: restarted
+
+- name: Reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: yes
+  become: true
+
diff --git a/tasks/amazon_linux.yaml b/tasks/amazon_linux.yaml
@@ -1,4 +1,6 @@
 ---
+- name: Amazon Linux 2 | Configure secure boot setting 
+  include_tasks: configure_secure_boot_al2.yaml
 - name: Amazon Linux 2 | Configure Time Synchronization
   include_tasks: configure_time_synchronization_al2.yaml
 - name: Amazon Linux 2 | Configure Filesystem Partitions
diff --git a/tasks/configure_secure_boot_al2.yaml b/tasks/configure_secure_boot_al2.yaml
@@ -0,0 +1,10 @@
+---
+- name: "Ensure authentication required for single user mode (rescue & emergency)"
+  ansible.builtin.lineinfile:
+    path: "/usr/lib/systemd/system/{{ item }}"
+    regexp: '^ExecStart='
+    line: 'ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
+    backup: yes
+  loop: "{{ rescue_emergency_units }}"
+  notify: Reload systemd
+
diff --git a/vars/main.yml b/vars/main.yml
@@ -89,6 +89,10 @@ os_services_name: ['avahi-daemon', 'slapd', 'named', 'cups', 'telnet', 'discard-
 minute_aide_cronjob: '0'
 hour_aide_cronjob: '5'
 
+#Configure SELinux
+rescue_emergency_units:
+  - rescue.service
+  - emergency.service
 # Configure Time Synchronization
 chrony_amazon_timesync_block: |
   # Amazon Linux 2 default Chrony configuration
