This role configures current best practice hardening techniques to help prevent the server from being vulnerable to common attacks. Key points addressed by this role are:
- Removing unused users & groups
- Mounting
tmpfsas read-only - Limit the use of
su - Tighten network security
- Basic
iptablesmanagement
This role requires Ansible version 1.4 or higher and the Debian/Ubuntu platform.
The variables that can be passed to this role and a brief description about them are as follows:
# The default firewall port for SSH
hardening_ssh_port: 22
# The default firewall port for MySQL
hardening_mysql_port: 3306
# The default firewall port for web traffic
hardening_webserver_ports:
- 80
- 443
# The default list of IPs allowed through the firewall
hardening_allowed_ips:
- "127.0.0.1"-
Harden the server using default settings
--- - name: Apply hardening to all nodes hosts: all roles: - hardening
-
Harden the server using customized parameters
--- - name: Apply hardening to all nodes hosts: all roles: - { role: hardening hardening_ssh_port: "{{ openssh_port }}" }
None.
MIT.