diff options
Diffstat (limited to 'roles/common/tasks/security.yml')
-rw-r--r-- | roles/common/tasks/security.yml | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/roles/common/tasks/security.yml b/roles/common/tasks/security.yml new file mode 100644 index 0000000..c00b941 --- /dev/null +++ b/roles/common/tasks/security.yml @@ -0,0 +1,26 @@ +--- +- name: Install security-related packages + apt: pkg={{ item }} state=installed + with_items: + - fail2ban + - whois + - lynis + - rkhunter + - debsums + tags: + - dependencies + +- name: Copy fail2ban configuration into place + template: src=etc_fail2ban_jail.local.j2 dest=/etc/fail2ban/jail.local + notify: restart fail2ban + +- name: Ensure fail2ban is started + service: name=fail2ban state=started enabled=yes + +- name: Update sshd (server) config for PFS and more secure defaults + template: src=etc_ssh_sshd_config.j2 dest=/etc/ssh/sshd_config + notify: restart ssh + +- name: Update ssh (client) config for more secure defaults + template: src=etc_ssh_ssh_config.j2 dest=/etc/ssh/ssh_config + |