thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
455 Commits
1 Branch
Tree: c55437d341
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c55437d341'
${ noResults }
sovereign/roles/common/tasks/security.yml

security.yml 726B
History Raw

123456789101112131415161718192021 
  1. - name: Install security-related packages

  2.   apt: pkg={{ item }} state=installed

  3.   with_items:

  4.     - fail2ban

  5.     - lynis

  6.     - rkhunter

  7. 

  8. - name: Copy fail2ban configuration into place

  9.   template: src=etc_fail2ban_jail.local.j2 dest=/etc/fail2ban/jail.local

  10.   notify: restart fail2ban

  11. 

  12. - name: Copy fail2ban dovecot configuration into place

  13.   copy: src=etc_fail2ban_filter.d_dovecot-pop3imap.conf dest=/etc/fail2ban/filter.d/dovecot-pop3imap.conf

  14.   notify: restart fail2ban

  15. 

  16. - name: Ensure fail2ban is started

  17.   service: name=fail2ban state=started

  18. 

  19. - name: Update sshd config to disallow root logins

  20.   lineinfile: dest=/etc/ssh/sshd_config regexp=^PermitRootLogin line="PermitRootLogin no" state=present

  21.   notify: restart ssh