Ansible role for hardening Linux
Home Page: https://www.tauceti.blog/post/kubernetes-the-not-so-hard-way-with-ansible-harden-the-instances/
License: GNU General Public License v3.0
When trying to use the latest release of Ansible AWX, this role cannot be used, because it has a dash ('-') instead of an underscore ('_') in it's name.
Can you rename it's galaxy entry, or provide an alternative maybe?
Used collections requirements:
collections:
- name: githubixx.harden-linuxHi TauCeti,
First of all thank you for this great tutorial and for the ansible roles. I'm trying to follow along and build my own k8s cluster using Ansible on Scaleway instances.
FYI, using the recently released Bionic Beaver image at Scaleway, there are a few missing packages to get started: there is no python and no sudo package.
So a prerequisite to running ansible is to install at least python-minimal.
Then when trying to apply this role I got this error message:
It turns out the Scaleway image has no sudo package installed by default. So maybe this task could be included in the playbook ? Otherwise it might also be simpler just to install it along with python-minimal when preparing the instances...
- name: Install sudo
apt:
name: sudo
state: latest
update_cache: yes
I'll let you know if I run into anything else that might be useful to others.
FYI, as this role targets Ubuntu, you may find DebOps interesting which can do all that this role lists under features and more. It is a more comprehensive approach of doing config management for Debian-based hosts.
Only instead of Sshguard, we use fail2ban.
Otherwise, there is also https://github.com/dev-sec if you donβt like comprehensive approaches π
Full disclosure: I am a developer of DebOps.
Hi,
It's more a question than an issue actually
I am struggling with a bunch of VPS at different providers I was managing by hand until now and thanks to your blog I try to simplify my life with Ansible.
My deploy user already exists, so I had to switch off "Add deploy user" and "Add authorised keys..".
At the moment I merely commented them out, although I suppose there must a better way to do it.
I see my root pass changed, packages installed and my ssh port shifted, etc.,
But the ssh daemon still runs on 22. I think that it makes sense as the primary connection for Ansible.
Is the role supposed to restart the ssh daemon eventually or is it a manual task?
The state "installed" is deprecated and should be replaced by "present" in task "Install aptitude"
I'm quite new at GitHub and Ansible, so for the time being I'd rather open an issue than submit a PR I would not be very confident with...
Thanks.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google β€οΈ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.