Netguru NetguruGist
NetguruGist
/ gist:f3a1b712f166b73d4838b9c82334e7b9
Created
February 14, 2017 10:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /etc/apt/apt.conf.d/50unattended-upgrades |
NetguruGist
/ gist:1b9689550dd9f024acdf448a637b4c7c
Created
February 14, 2017 10:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: "Automated security updates" | |
| apt: name=unattended-upgrades state=present | |
| - file: path=/etc/apt/apt.conf.d/10periodic state=absent | |
| - blockinfile: | |
| dest: /etc/apt/apt.conf.d/10periodic |
NetguruGist
/ gist:7330332b8179eac0eb4e17a592c3ab46
Created
February 14, 2017 10:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - ufw: rule=allow port=22 from_ip=IP proto=tcp |
NetguruGist
/ gist:d5ff7e301817202cc6f8617668547d25
Created
February 14, 2017 10:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: "Setting up a firewall" | |
| action: lineinfile dest=/etc/default/ufw regexp="^IPV6" line="IPV6=yes" state=present | |
| - ufw: rule=allow port={% raw %}{{ item }}{% endraw %} proto=tcp | |
| with_items: | |
| - 22 |
NetguruGist
/ gist:bad6bc1d8724914dd6e54d7ea403ddb2
Created
February 14, 2017 10:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (...) | |
| become: true | |
| handlers: | |
| - name: Restart ssh | |
| action: service name=ssh state=restarted |
NetguruGist
/ gist14
Created
February 14, 2017 10:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: "Enforce ssh key logins" | |
| action: lineinfile dest=/etc/ssh/sshd_config regexp="^PermitRootLogin" line="PermitRootLogin no" state=present | |
| notify: Restart ssh | |
| - action: lineinfile dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication" line="PasswordAuthentication no" state=present | |
| notify: Restart ssh |
NetguruGist
/ gist12.1
Created
February 14, 2017 10:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt-get update; apt-get upgrade | |
| apt-get install pwgen whois | |
| /usr/bin/pwgen -s 40 1 (save result internally to Ansible to “root_password” variable) | |
| /usr/bin/mkpasswd {result from root_password} --method=SHA-512 (save internally to “root_crypted_password”) | |
| Set the root password | |
| Print the root password, so that you can see what it is |
NetguruGist
/ gist12.1
Created
February 14, 2017 10:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt-get update; apt-get upgrade | |
| apt-get install pwgen whois | |
| /usr/bin/pwgen -s 40 1 (save result internally to Ansible to “root_password” variable) | |
| /usr/bin/mkpasswd {result from root_password} --method=SHA-512 (save internally to “root_crypted_password”) | |
| Set the root password | |
| Print the root password, so that you can see what it is |
NetguruGist
/ gist:193b4a3300f8171e3f39cd83335ea327
Created
February 14, 2017 10:00
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: "Add your user" | |
| user: name=deploy shell=/bin/bash group=sudo | |
| - authorized_key: user=deploy key="SSH_KEY" exclusive=yes | |
| - shell: /usr/bin/pwgen -s 40 1 | |
| register: deploy_password |
NetguruGist
/ gist:15acad05f96f917d8678b325a9184f92
Created
February 14, 2017 09:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: "First things first - install latest patches" | |
| apt: update_cache=yes upgrade=full | |
| - name: "First things first - create random root password" | |
| apt: name={{ item }} state=present | |
| with_items: |