From 140026c7f14bbdf06eb104bc7e6e6db7e8eee4b5 Mon Sep 17 00:00:00 2001
From: Solomon Gifford <sgifford@blackmesh.com>
Date: Tue, 15 Dec 2015 15:14:53 -0500
Subject: [PATCH] Disallow root login remotely

---
 tasks/secure-installation.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tasks/secure-installation.yml b/tasks/secure-installation.yml
index 05113fe..a193a62 100644
--- a/tasks/secure-installation.yml
+++ b/tasks/secure-installation.yml
@@ -1,4 +1,10 @@
 ---
+- name: Disallow root login remotely
+  command: 'mysql -NBe "{{ item }}"'
+  with_items:
+    - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
+  changed_when: False
+
 - name: Get list of hosts for the root user.
   command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = "root" ORDER BY (Host="localhost") ASC'
   register: mysql_root_hosts