thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
413 Commits
1 Branch
Tree: d5ecf673d3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd5ecf673d3'
${ noResults }
sovereign/roles/common/tasks/security.yml

security.yml 651B
History Raw

123456789101112131415161718 
  1. - name: Install security-related packages

  2.   apt: pkg={{ item }} state=installed

  3.   with_items:

  4.     - fail2ban

  5.     - lynis

  6.     - rkhunter

  7. 

  8. - name: Copy fail2ban configuration into place

  9.   template: src=etc_fail2ban_jail.local.j2 dest=/etc/fail2ban/jail.local

  10.   notify: restart fail2ban

  11. 

  12. - name: Copy fail2ban dovecot configuration into place

  13.   copy: src=etc_fail2ban_filter.d_dovecot-pop3imap.conf dest=/etc/fail2ban/filter.d/dovecot-pop3imap.conf

  14.   notify: restart fail2ban

  15. 

  16. - name: Update sshd config to disallow root logins

  17.   lineinfile: dest=/etc/ssh/sshd_config regexp=^PermitRootLogin line="PermitRootLogin no" state=present

  18.   notify: restart ssh