@5car1z
5car1z / jail.local
Created May 18, 2018 15:57
Fail2ban Jail configuration file; for an Ansible playbook example.
[DEFAULT]
# email address to receive notifications.
destemail = root@localhost
# the email address from which to send emails.
sender = root@<fq-hostname>
# name on the notification emails.
sendername = Fail2Ban
# email transfer agent to use.
mta = sendmail
@5car1z
5car1z / fail2ban-playbook.yml
Last active December 9, 2023 18:42
Simple Ansible playbook to install Fail2ban.
---
- name: installs fail2ban on ansible hosts
  hosts: fail2ban-hosts
  become: yes
  tasks:
    - name: install apt fail2ban packages
      apt:
        name: "{{ item }}"
        state: latest
## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
## or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl
###
# See http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html
@5car1z
5car1z / meltdown-spectre-linux.yml
Last active November 27, 2018 14:19
Meltdown and Spectre Kernel Upgrade Packages for Ansible
# https://meltdownattack.com
- name: Patch Linux systems against Meltdown and Spectre
  hosts: "{{ target_hosts | default('all') }}"
  become: yes
  vars:
    reboot_after_update: yes
    packages:
      # https://access.redhat.com/security/vulnerabilities/speculativeexecution
[defaults]
hostfile = hosts
@5car1z
5car1z / hosts
Last active October 1, 2017 18:53
[local]
localhost ansible_connection=local
@5car1z
5car1z / local-update-playbook.yml
Last active October 1, 2017 18:56
Debian/Ubuntu Apt package update and upgrade playbook, local example.
---
- name: run the playbook tasks on the localhost
  hosts: localhost
  become: yes
  tasks:
    - name: print out the hostname of target
      command: hostname
@5car1z
5car1z / 10-uname
Last active September 9, 2017 13:45
#! /usr/bin/env bash
# Initial
DROPLET_OS=`lsb_release -a | tail -n 3 | sed -n '1p' | awk '{$1=""; print substr($0,2)}'`
DROPLET_LOCAL_TIME=`timedatectl | sed -n '1p' | awk '{$1=""; print substr($0,8)}'`
DROPLET_TIMEZONE=`timedatectl | sed -n '4p' | awk '{$1=""; print substr($0,8)}'`
# Basic info
DROPLET_HOSTNAME=`uname -n`
DROPLET_IP=`wget -qO - ifconfig.co`
@5car1z
5car1z / main.yml
Last active August 2, 2017 19:55
YAML Server Provision Example (Standard YAML) (1).
---
provisioned_users:
  - name: user-one
    encrypted_password: $1$@YMgS-5Y$2lH.vkVmawJ810djjkGp70
    public_keys:
      - /home/$USER/.ssh/id_rsa.pub
    sudo: true
    adm: true
@5car1z
5car1z / main.yml
Last active August 2, 2017 19:56
YAML Server Provision Example (Abbreviated YAML).
provisioned_users:
- {name: user-one, encrypted_password: $1$@YMgS-5Y$2lH.vkVmawJ810djjkGp70, public_keys: [/home/$USER/.ssh/id_rsa.pub], sudo: true, adm: true}
- {name: user-two, encrypted_password: $1$@YMgS-5Y$2lH.vkVmawJ810djjkGp70, public_keys: [/home/$USER/.ssh/id_rsa.pub, /home/$USER/.ssh/id_rsa.pub], sudo: true, adm: true}
- {name: user-three, encrypted_password: $1$@YMgS-5Y$2lH.vkVmawJ810djjkGp70, public_keys: [/home/$USER/.ssh/id_rsa.pub, /home/$USER/.ssh/id_rsa.pub, /home/$USER/.ssh/id_rsa.pub], sudo: false, adm: false}
- {name: user-four, encrypted_password: $1$@YMgS-5Y$2lH.vkVmawJ810djjkGp70, public_keys: [/home/$USER/.ssh/id_rsa.pub, /home/$USER/.ssh/id_rsa.pub, /home/$USER/.ssh/id_rsa.pub, /home/$USER/.ssh/id_rsa.pub], sudo: false, adm: false}