This playbook is based on Linode documentation.
https://library.linode.com/securing-your-server
Even though this script performs some security-related configuration, I don't guarantee that your server will be secure after running it. You have to ensure this yourself. Read the license!
- Configuration described on https://library.linode.com/securing-your-server
- Logwatch monitoring
- Ansible inventory file template (./hosts)
- Empty SSH related files for adding your keys
  - authorized_keys
  - id_rsa
  - id_rsa.pub
  - known_hosts
- Editable settings including (./group_vars/servers)
  - System user name
  - Password for the user
  - Admin email
  - SSH port
  - Fail2Ban - maxretry, bantime
- Ansible (tested on 1.6)
- Ubuntu server (tested on vanilla 12.04 LTS)
- Clone the repository
- Cd to the cloned folder
- Enter your server's IP/IPs in the ./hosts file
- Change the settings in ./group_vars/servers
- Cd to ./roles/jiv_e.secureubuntu/files/ssh
- Run ssh-keygen -f ./id_rsa to create SSH keys for your server
- Add your own public SSH key to the authorized_keys file to allow SSH without a password
  $ cat ~/.ssh/id_rsa.pub >> ./authorized_keys
- You may add some known_hosts if you want
- Cd to the repository root and run
  $ ansible-playbook -i hosts play.yml -c paramiko -k
  - Note: You may need to install paramiko for this. E.g.
    $ sudo pip install paramiko
- Wait for the script to run; after that you can log in with SSH
  $ ssh <username>@<server IP> -p <port number>
See the file ./group_vars/servers for more information.
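
The authorized_keys file filled in above is copied to the server, so a private key or a truncated paste in it is worth catching before the playbook runs. The following pre-flight check is an added example, not part of this repository; the names check_authorized_keys and demo are hypothetical, and the sample key is constructed.

```shell
#!/bin/sh
# Added example (not part of the playbook): pre-flight check for the
# authorized_keys file before the playbook deploys it.
# check_authorized_keys and demo are hypothetical names.

check_authorized_keys() {
    file=$1
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    # A private key pasted here by mistake would be copied to the server.
    if grep -q 'PRIVATE KEY' "$file"; then
        echo "private key material in $file" >&2
        return 2
    fi
    # Every non-comment line needs a key type followed by a base64 blob.
    # Login options may precede the key type, so scan all fields.
    awk '
        BEGIN {
            kt  = "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$"
            b64 = "^AAAA[A-Za-z0-9+/]+=*$"
        }
        /^[ \t]*(#|$)/ { next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ kt && $(i + 1) ~ b64) { ok = 1; break }
            if (ok) keys++
            else { print "line " NR ": no recognised public key" > "/dev/stderr"; bad = 1 }
        }
        END { exit ((bad || keys == 0) ? 3 : 0) }
    ' "$file"
}

# Constructed sample: one well-formed line and one truncated paste.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleOnly me@laptop' \
        'ssh-rsa' > "$tmp"
    rc=0
    check_authorized_keys "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage: sh check_keys.sh ./authorized_keys
[ $# -eq 0 ] || check_authorized_keys "$1"
```

Exit status 0 means every line holds a recognised public key, 1 a missing or empty file, 2 private key material, and 3 a malformed line or no keys at all.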