
# https://www.raspberrypi.org/documentation/configuration/security.md
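# Baseline hardening for the attitude-adjuster host: key-only SSH, locked
# default account, ufw firewall and a fail2ban jail for sshd.
- hosts: attitude-adjuster
  become: true
  tasks:
    # Turns off every password-based SSH login path. This assumes a public key
    # is already authorised for the account Ansible connects as; nothing in
    # this play installs one, so confirm key login works before running it.
    - name: disable ssh password logins
      lineinfile:
        path: /etc/ssh/sshd_config
        # Matches the directive whether it is active or commented out.
        regexp: '^(#\s*)?{{ item }} '
        line: "{{ item }} no"
        # Refuse to write a config that sshd cannot parse, so a bad edit
        # cannot break the daemon on its next reload.
        validate: /usr/sbin/sshd -t -f %s
      notify: reload ssh
      with_items:
        - ChallengeResponseAuthentication
        - PasswordAuthentication
        - UsePAM

    # '!' is not a valid password hash, so no password can ever match it.
    # It must be quoted: a bare ! is YAML's tag indicator and would not reach
    # the user module as the literal string.
    - name: disable pi user
      user:
        name: pi
        password: '!'

    - name: install ufw and fail2ban
      package:
        name: "{{ item }}"
        state: present
      with_items:
        - ufw
        - fail2ban

    # Names refer to ufw application profiles; 'WWW Full' is the profile that
    # covers both http and https.
    - name: allow access to dns, http, and https
      ufw:
        rule: allow
        name: "{{ item }}"
      with_items:
        - DNS
        - WWW Full

    # 'limit' rate-limits repeated connection attempts instead of allowing
    # them unconditionally.
    - name: limit ssh access
      ufw:
        rule: limit
        name: OpenSSH

    # Keep this after the OpenSSH rule: enabling the firewall first would cut
    # off the SSH session this play is running over.
    - name: enable ufw
      ufw:
        state: enabled

    - name: create jail.local
      copy:
        content: |
          [sshd]
          enabled = true
        dest: /etc/fail2ban/jail.local
        # Explicit ownership and mode so the jail config is writable by root
        # only, whatever the umask of the connecting account.
        owner: root
        group: root
        mode: '0644'
      notify: reload fail2ban

  handlers:
    - name: reload ssh
      service:
        name: ssh
        state: reloaded

    - name: reload fail2ban
      service:
        name: fail2ban
        state: reloaded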