thomas
/
sovereign
Seguir 1
Destacar 0
Cuchillo 0
Código Incidencias 0 Peticiones pull 0 Lanzamientos 0 Wiki Actividad
Sin descripción
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
997 Commits
1 Rama
Árbol: c71c6d8559
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'c71c6d8559'
${ noResults }
sovereign/roles/common/tasks/security.yml

security.yml 873B
Histórico Original

123456789101112131415161718192021222324252627282930 
  1. - name: Install security-related packages

  2.   apt:

  3.     name: "{{ packages }}"

  4.     state: present

  5.   vars:

  6.     packages:

  7.     - fail2ban

  8.     - whois

  9.     - lynis

  10.     - rkhunter

  11.   tags:

  12.     - dependencies

  13. 

  14. - name: Copy fail2ban configuration into place

  15.   template: src=etc_fail2ban_jail.local.j2 dest=/etc/fail2ban/jail.local

  16.   notify: restart fail2ban

  17. 

  18. - name: Copy fail2ban dovecot configuration into place

  19.   copy: src=etc_fail2ban_filter.d_dovecot-pop3imap.conf dest=/etc/fail2ban/filter.d/dovecot-pop3imap.conf

  20.   notify: restart fail2ban

  21. 

  22. - name: Ensure fail2ban is started

  23.   service: name=fail2ban state=started

  24. 

  25. - name: Update sshd config for PFS and more secure defaults

  26.   template: src=etc_ssh_sshd_config.j2 dest=/etc/ssh/sshd_config

  27.   notify: restart ssh

  28. 

  29. - name: Update ssh config for more secure defaults

  30.   template: src=etc_ssh_ssh_config.j2 dest=/etc/ssh/ssh_config