Skip to content
This repository has been archived by the owner on Jun 22, 2022. It is now read-only.

setswei/ansible-role-hardening

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
vars
vars
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Linux Hardening Role for Ansible

This role configures current best practice hardening techniques to help prevent the server from being vulnerable to common attacks. Key points addressed by this role are:

  • Removing unused users & groups
  • Mounting tmpfs as read-only
  • Limit the use of su
  • Tighten network security
  • Basic iptables management

Requirements

This role requires Ansible version 1.4 or higher and the Debian/Ubuntu platform.

Role Variables

The variables that can be passed to this role and a brief description about them are as follows:

# The default firewall port for SSH
hardening_ssh_port: 22

# The default firewall port for MySQL
hardening_mysql_port: 3306

# The default firewall port for web traffic
hardening_webserver_ports:
  - 80
  - 443

# The default list of IPs allowed through the firewall
hardening_allowed_ips:
  - "127.0.0.1"

Examples

  1. Harden the server using default settings

    ---
- name: Apply hardening to all nodes
  hosts: all
  roles:
    - hardening

  2. Harden the server using customized parameters

    ---
- name: Apply hardening to all nodes
  hosts: all
  roles:
    - { role: hardening
        hardening_ssh_port: "{{ openssh_port }}"
      }

Dependencies

None.

License

MIT.

About

Ansible role for basic server hardening

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published