Skip to content

Instantly share code, notes, and snippets.

@michaelkrieg

michaelkrieg/ubuntu-server-hardening.sh

Last active September 13, 2017 09:16
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save michaelkrieg/e639b498810437f29a524b4d8ae73f9a to your computer and use it in GitHub Desktop.
Save michaelkrieg/e639b498810437f29a524b4d8ae73f9a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ubuntu-server-hardening.sh
#!/usr/bin/env bash
export DEBIAN_FRONTEND=noninteractive
sudo -E -H apt-get install -y software-properties-common rkhunter fail2ban
sudo -H apt-add-repository -y -u ppa:ansible/ansible
sudo -H apt-get install -y ansible
sudo -H ansible-galaxy install dev-sec.os-hardening dev-sec.ssh-hardening 2>/dev/null
cat << 'EOF' > hardening-playbook.yml
- hosts: localhost
tasks:
- name: Update all packages to the latest version
apt:
upgrade: dist
autoremove: yes
roles:
- dev-sec.os-hardening
- dev-sec.ssh-hardening
vars:
ssh_print_motd: true
ssh_print_debian_banner: true
EOF
ansible-playbook --become hardening-playbook.yml 2>/dev/null
sudo -H apt-get remove --purge --yes ansible
sudo -H apt-get autoremove --yes
sudo -H rm -Rvf /etc/ansible hardening-playbook.*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment