Commit b0a3e2b

sysadt
authored
Update README.md
1 parent f921e60 commit b0a3e2b

1 file changed: +57 -2 lines changed

README.md

Lines changed: 57 additions & 2 deletions
@@ -1,2 +1,57 @@
1-
# How-To-Secure-A-Linux-Server-With-Ansible
2-
Ansible playbook of "How To Secure A Linux Server".
1+
# How To Secure A Linux Server With Ansible
2+
Ansible playbooks of ["How To Secure A Linux Server"](https://github.com/imthenachoman/How-To-Secure-A-Linux-Server).
3+
4+
These Ansible playbooks are made to help install secure Linux servers faster.
5+
6+
## How to get started
7+
1. Install [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
8+
2. git-clone this repository
9+
3. [Create SSH-Public/Private-Keys](https://github.com/imthenachoman/How-To-Secure-A-Linux-Server#ssh-publicprivate-keys)
10+
ssh-keygen -t ed25519
11+
4. Change all variables in *group_vars/variables.yml* according to your needs.
12+
5. Enable SSH root access before running the playbooks:
13+
14+
```
15+
nano /etc/ssh/sshd_config
16+
[...]
17+
PermitRootLogin yes
18+
[...]
19+
```
20+
21+
7. Recommended: configure static IP address on your system.
22+
8. Add your systems IP address to *hosts.yml*.
23+
24+
 
25+
26+
Run the requirements playbook:
27+
28+
ansible-playbook --inventory hosts.yml --ask-pass requirements-playbook.yml
29+
30+
 
31+
32+
Run the main playbook:
33+
34+
ansible-playbook --inventory hosts.yml --ask-pass main-playbook.yml
35+
36+
 
37+
38+
If you need to run the playbooks multiple times remember to use the SSH key and the new SSH port:
39+
40+
ansible-playbook --inventory hosts.yml -e ansible_ssh_port=SSH_PORT --key-file /PATH/TO/SSH/KEY main-playbook.yml
41+
42+
 
43+
44+
Tested on Debian 12 Bookworm.
45+
46+
## Configurations
47+
WIP
48+
49+
## Plans / ToDos
50+
- [ ] use Ansible vault to securely store secrets
51+
52+
## Warning!
53+
Read all tasks carefully and make sure they do not break your system before using these playbooks! Do not rely solely on the Ansible playbooks for security! It is your responsibility to make sure all settings you need have been set and are working. This is just a starting point! Depending on your needs and goals make sure to further secure your system.
54+
55+
## Credits
56+
- [imthenachoman](https://github.com/imthenachoman) for creating the great [How To Secure A Linux Server](https://github.com/imthenachoman/How-To-Secure-A-Linux-Server) guide
57+
- [Neo23x0](https://github.com/Neo23x0) for the auditd best practice rules
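
Review bot: Step 5 (new lines 12-19) tells the reader to set `PermitRootLogin yes`, and both first-run commands (lines 28 and 34) authenticate with `--ask-pass`, but the README never says whether the playbooks switch root password login back off or whether the reader must revert it by hand. Please add a sentence after the main playbook command stating which it is, and what to check in `/etc/ssh/sshd_config` if a run stops partway, since a half-applied run would leave the server reachable as root with a password. Smaller points in the same hunk: the numbered list jumps from 5 to 7 (no step 6), "your systems IP address" at line 22 should read "your system's IP address", and because the ToDo at line 50 shows Ansible Vault is not in use yet, step 4 should warn against committing an edited *group_vars/variables.yml* if it holds any secrets.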
