blob: c00b941f6f68649339065a64771f68d4730bfdba (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
---
- name: Install security-related packages
apt: pkg={{ item }} state=installed
with_items:
- fail2ban
- whois
- lynis
- rkhunter
- debsums
tags:
- dependencies
- name: Copy fail2ban configuration into place
template: src=etc_fail2ban_jail.local.j2 dest=/etc/fail2ban/jail.local
notify: restart fail2ban
- name: Ensure fail2ban is started
service: name=fail2ban state=started enabled=yes
- name: Update sshd (server) config for PFS and more secure defaults
template: src=etc_ssh_sshd_config.j2 dest=/etc/ssh/sshd_config
notify: restart ssh
- name: Update ssh (client) config for more secure defaults
template: src=etc_ssh_ssh_config.j2 dest=/etc/ssh/ssh_config
|