Created
September 1, 2018 21:00
Playbook for hardening a new CentOS 7.x box
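# This assumes that you are using this role: https://github.com/wahidsadik/ansible-role-harden-centos
#
# The trailing comma after <IP> makes Ansible treat the value as an inline
# host list rather than the path of an inventory file.
#
# Run like this when SSH works with password only:
#   $ ansible-playbook -i <IP>, centos-7x-hardening.md --user=<connection-user> --ask-pass
# Run like this when SSH works with key:
#   $ ansible-playbook -i <IP>, centos-7x-hardening.md --user=<connection-user> --become --ask-become-pass
---
- hosts: all
  vars:
    ## Uncomment one of these variables to not run the relevant section
    # add_deployment_user: false
    # enable_auto_update: false
    # enable_fail2ban: false
    # enable_ufw: false

    # Public key files handed to the role.
    # NOTE(review): presumably read on the control machine and authorized for
    # the deployment user -- confirm against the role.
    public_keys:
      - '~/.ssh/id_rsa.pub'

    # password is `test`
    # The hash below therefore corresponds to a publicly known password: keep
    # it for throwaway test boxes only and generate a fresh hash otherwise.
    # deployment_password: '$6$AC3bdCF7$MA5sPtsGsOei6fCtyyzHeOqBpEzsi.yl9wS1yaP1.nKhuNR6ZBmcouWh6XJkrFdzreENtvUF4Gr2R0gfIQ/PT.'

    # NOTE(review): judging by their names, uncommenting these two leaves SSH
    # password authentication and root login enabled -- confirm in the role
    # before skipping them on an internet-facing host.
    # enable_stop_password_authentication: false
    # enable_stop_root_login: false

  # If you want to use canned password, comment this and uncomment `deployment_password` from above
  vars_prompt:
    - name: deployment_password
      prompt: "What password to use for new user?"
      # Do not echo the typed password to the terminal.
      private: true
      # The answer is hashed before it is stored in the variable, so the role
      # receives a crypt-style SHA-512 hash rather than the plaintext.
      encrypt: 'sha512_crypt'
      # Ask twice to catch typos.
      confirm: true
      # sha512_crypt accepts salts of up to 16 characters; the value is kept
      # as the author set it.
      salt_size: 7

  roles:
    # NOTE(review): the header and title describe a CentOS hardening role
    # (ansible-role-harden-centos), but the name here ends in `-ubuntu`.
    # Verify this matches the name the role is installed under before running.
    - role: wahidsadik.ansible-role-harden-ubuntu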