Nav apraksta
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.

security.yml 1021B

12345678910111213141516171819202122232425262728293031323334353637
  1. - name: Install security-related packages
  2. apt:
  3. name: "{{ packages }}"
  4. state: present
  5. vars:
  6. packages:
  7. - whois
  8. - lynis
  9. - rkhunter
  10. tags:
  11. - dependencies
  12. - name: Install newer fail2ban with IPv6 support
  13. apt:
  14. name: "fail2ban"
  15. state: present
  16. default_release: stretch-backports
  17. tags:
  18. - dependencies
  19. - name: Copy fail2ban configuration into place
  20. template: src=etc_fail2ban_jail.local.j2 dest=/etc/fail2ban/jail.local
  21. notify: restart fail2ban
  22. - name: Copy fail2ban dovecot configuration into place
  23. copy: src=etc_fail2ban_filter.d_dovecot-pop3imap.conf dest=/etc/fail2ban/filter.d/dovecot-pop3imap.conf
  24. notify: restart fail2ban
  25. - name: Ensure fail2ban is started
  26. service: name=fail2ban state=started
  27. - name: Update sshd config for PFS and more secure defaults
  28. template: src=etc_ssh_sshd_config.j2 dest=/etc/ssh/sshd_config
  29. notify: restart ssh
  30. - name: Update ssh config for more secure defaults
  31. template: src=etc_ssh_ssh_config.j2 dest=/etc/ssh/ssh_config