Git Product home page Git Product logo

basicserverhardening's Introduction

Basic Hardening Ansible Script

Maintainer

Description

Some basic Security Hardening plays using Ansible

Hardening Features

  • create an issue and issue.net from the provided template
  • disable root login for ssh
  • set maximum number of concurrent alive ssh client sessions
  • set maximum number of SSH sessions
  • set ssh compression to delayed
  • set ssh maximum number of authentication retries
  • disable ssh TCP keep alive
  • disable X11 forwarding
  • enable SSH banner
  • default umask in login.defs
  • setup minimum password age in login.defs
  • setup maximum password age in login.defs
  • enable spoof protection
  • enable syn cookies
  • disable ICMP redirects
  • enable kernel address space layout randomization (ASLR)
  • install and enable fail2ban
  • install and enable rkhunter
  • install per user temp dirs
  • install debsums for verifying package integrity
  • install the debsecan tool
  • install lynis
  • install usbguard
  • disable core dumps
  • disable setuid applications core dumps
  • disable kernel kernel core dumps
  • set pam maxlogins
  • set pam nproc
  • Disallow opening files in world writeable sticky directories
  • Disallow opening fifos in world writeable sticky directories
  • Protect hardlinks
  • Protect symlinks
  • Disallow bpf loading for normal users
  • harden bpf jit compilter

Usage

Clone this repository into the roles folder of your playbook and add the role

Available variables used in your host repository can be found in defaults/main.yml.

LICENSE

GPLv3

basicserverhardening's People

Contributors

byterazor avatar

Stargazers

avatar

Watchers

James Cloos avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.