[ansible][attitude-adjuster] increase the security

pull/28/head
Alpha Chen 5 years ago
parent 5f0c1539c5
commit c8d4c6015a

@ -0,0 +1,2 @@
[sshd]
enabled = true

@ -10,7 +10,9 @@
- vim - vim
become: yes become: yes
# ssh # Security
#
# https://www.raspberrypi.org/documentation/configuration/security.md
- hosts: attitude-adjuster - hosts: attitude-adjuster
tasks: tasks:
@ -33,11 +35,51 @@
password: ! password: !
become: yes become: yes
- name: install ufw and fail2ban
package:
name: "{{ item }}"
state: present
become: yes
with_items:
- ufw
- fail2ban
- name: allow access to dns, http, and https
ufw:
rule: allow
name: "{{ item }}"
with_items:
- DNS
- WWW Full
become: yes
- name: limit ssh access
ufw:
rule: limit
name: OpenSSH
become: yes
- name: enable ufw
ufw:
state: enabled
become: yes
- name: create jail.local
copy:
src: jail.local
dest: /etc/fail2ban/
become: yes
notify: reload fail2ban
handlers: handlers:
- name: reload ssh - name: reload ssh
service: service:
name: ssh name: ssh
state: reloaded state: reloaded
- name: reload fail2ban
service:
name: fail2ban
state: reloaded
# Pi-Hole # Pi-Hole

Loading…
Cancel
Save