
Make possible to mount /proc with option hideproc=2

Emmanuel Bouthenot 11 years ago
parent
commit
d3acb14399

+ 1 - 0
roles/common/defaults/main.yml

@@ -16,6 +16,7 @@ with_auto_upgrade: False
 with_logcheck: False
 with_rkhunter: False
 with_chkrootkit: False
+with_hideproc: False
 
 with_smartd: False
 

+ 1 - 0
roles/common/handlers/main.yml

@@ -1,4 +1,5 @@
 - include: base.yml
+- include: security.yml
 - include: smtp.yml
 - include: ssh.yml
 - include: smartd.yml

+ 2 - 0
roles/common/handlers/security.yml

@@ -0,0 +1,2 @@
+- name: Remount /proc
+  shell: mount -o remount /proc
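Review bot: The handler runs a single binary with no pipes or redirection, so `command: mount -o remount /proc` would do the same job without going through a shell. The remount also applies `hidepid=2` to the running system as soon as the handler fires. Non-root services that read other users' entries under /proc (monitoring agents, and on systemd hosts possibly logind or polkit) may then lose visibility. A short comment above the handler mentioning the proc `gid=` mount option for an exempt group would help whoever turns on `with_hideproc`.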

+ 6 - 0
roles/common/tasks/security.yml

@@ -71,3 +71,9 @@
 - name: Update chkrootkit configuration
   template: src=chkrootkit/chkrootkit.conf.j2 dest=/etc/chkrootkit.conf owner=root group=root mode=0644
   when: with_chkrootkit
+
+- name: Update fstab to hide pids from /proc
+  lineinfile: dest=/etc/fstab regexp='(^proc\s+/proc\s+proc\s+)(\S+)(\s+[0-9]\s+[0-9])\s*$' line='\1defaults,hidepid=2\3' backrefs=yes
+  notify:
+      - Remount /proc
+  when: with_hideproc
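Review bot: With `backrefs=yes`, lineinfile leaves /etc/fstab untouched when the regexp matches nothing. On a host whose fstab has no `proc /proc proc …` line, or one without single-digit dump/pass fields, the task reports ok, `Remount /proc` is never notified, and /proc stays unhidden even though `with_hideproc` is set. When the line does match, the options captured in `\2` are discarded in favour of `defaults,hidepid=2`, which drops any existing restrictions on that mount (for example `nosuid,nodev,noexec`). Consider `line='\1\2,hidepid=2\3'` with a `(?!\S*hidepid=)` lookahead placed before `(\S+)` so that reruns stay idempotent. A follow-up task that fails when no fstab line contains `hidepid=` would turn the silent no-op into a visible error.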