$ brew install ansible # OSX
$ [sudo] pip install ansible # elsewhere
```yaml
---
# SSH server settings, in line with https://stribika.github.io/2015/01/04/secure-secure-shell.html
# Before using, change myhosts to your hosts' nickname and myuser to your username (two instances! make sure you replace both or you'll be locked out of ssh!)
- hosts: myhosts
  become: true
  remote_user: myuser
  tasks:
    # Key exchange, ciphers and MACs
    - lineinfile: dest=/etc/ssh/sshd_config regexp='^KexAlgorithms' line='KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256'
```
```yaml
# This task will stop and disable a service without failing if the service does not exist.
# Requires Ansible 1.4 or newer.
# Update Dec 2016: Have rewritten this for the latest version of Ansible and put conditions for both Ubuntu and CentOS
- name: "disable unused services"
  service: name={{item}} state=stopped enabled=no
  # Registered under the same name that failed_when inspects below
  register: unused_disable
  failed_when: "unused_disable|failed and ('find' not in unused_disable.msg and 'found' not in unused_disable.msg)"
  with_items:
```
```yaml
---
- name: installs fail2ban on ansible hosts
  hosts: fail2ban-hosts
  become: yes
  tasks:
    - name: install apt fail2ban packages
      apt:
        name: "{{ item }}"
        state: latest
```