You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
64 lines
1.2 KiB
64 lines
1.2 KiB
5 years ago
|
# https://www.raspberrypi.org/documentation/configuration/security.md
|
||
|
|
||
|
- hosts: attitude-adjuster
|
||
|
become: yes
|
||
|
tasks:
|
||
|
|
||
|
- name: disable ssh password logins
|
||
|
lineinfile:
|
||
|
path: /etc/ssh/sshd_config
|
||
|
regexp: '^(#\s*)?{{ item }} '
|
||
|
line: "{{ item }} no"
|
||
|
notify: reload ssh
|
||
|
with_items:
|
||
|
- ChallengeResponseAuthentication
|
||
|
- PasswordAuthentication
|
||
|
- UsePAM
|
||
|
|
||
|
- name: disable pi user
|
||
|
user:
|
||
|
name: pi
|
||
|
password: !
|
||
|
|
||
|
- name: install ufw and fail2ban
|
||
|
package:
|
||
|
name: "{{ item }}"
|
||
|
state: present
|
||
|
with_items:
|
||
|
- ufw
|
||
|
- fail2ban
|
||
|
|
||
5 years ago
|
- name: allow access to http, and https
|
||
5 years ago
|
ufw:
|
||
|
rule: allow
|
||
5 years ago
|
name: WWW Full
|
||
5 years ago
|
|
||
|
- name: limit ssh access
|
||
|
ufw:
|
||
|
rule: limit
|
||
|
name: OpenSSH
|
||
|
|
||
|
- name: enable ufw
|
||
|
ufw:
|
||
|
state: enabled
|
||
|
|
||
|
- name: create jail.local
|
||
|
copy:
|
||
|
content: |
|
||
|
[sshd]
|
||
|
enabled = true
|
||
|
dest: /etc/fail2ban/jail.local
|
||
|
notify: reload fail2ban
|
||
|
|
||
|
handlers:
|
||
|
|
||
|
- name: reload ssh
|
||
|
service:
|
||
|
name: ssh
|
||
|
state: reloaded
|
||
|
|
||
|
- name: reload fail2ban
|
||
|
service:
|
||
|
name: fail2ban
|
||
|
state: reloaded
|