From cb61987ffb91c81c3e0c82e3f73f846586b1d770 Mon Sep 17 00:00:00 2001 From: sysadt Date: Tue, 27 Jun 2023 21:39:17 +0200 Subject: [PATCH 1/4] Added references to Ansible playbooks --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f41953c..6648cd4 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,8 @@ This guides purpose is to teach you how to secure a Linux server. There are a lot of things you can do to secure a Linux server and this guide will attempt to cover as many of them as possible. More topics/material will be added as I learn, or as folks [contribute](#contributing). +Ansible playbooks of this guide are available at [How To Secure A Linux Server With Ansible](https://github.com/sysadt/How-To-Secure-A-Linux-Server-With-Ansible) by [sysadt](https://github.com/sysadt). + ([Table of Contents](#table-of-contents)) ### Why Secure Your Server @@ -97,8 +99,6 @@ I've never found one guide that covers everything -- this guide is my attempt. Many of the things covered in this guide may be rather basic/trivial, but most of us do not install Linux every day and it is easy to forget those basic things. -IT automation tools like [Ansible](https://www.ansible.com/), [Chef](https://www.chef.io/), [Jenkins](https://jenkins.io/), [Puppet](https://puppet.com/), etc. help with the tedious task of installing/configuring a server but IMHO they are better suited for multiple or large scale deployments. IMHO, the overhead required to use those kinds of automation tools is wholly unnecessary for a one-time single server install for home use. - ([Table of Contents](#table-of-contents)) ### Other Guides 
@@ -3546,6 +3546,7 @@ For any questions, comments, concerns, feedback, or issues, submit a [new issue] - https://news.ycombinator.com/item?id=19177435#19178618 - https://www.reddit.com/r/linuxadmin/comments/arx7xo/howtosecurealinuxserver_an_evolving_howto_guide/ - https://www.reddit.com/r/linux/comments/arx7st/howtosecurealinuxserver_an_evolving_howto_guide/ +- https://github.com/sysadt/How-To-Secure-A-Linux-Server-With-Ansible ([Table of Contents](#table-of-contents)) From d440add836d0785b997b10d278952d2225d2dd4a Mon Sep 17 00:00:00 2001 From: sysadt Date: Tue, 27 Jun 2023 21:56:59 +0200 Subject: [PATCH 2/4] added section for Ansible playbooks --- README.md | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/README.md b/README.md index 6648cd4..f30cf87 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ An evolving how-to guide for securing a Linux server that, hopefully, also teach - [Installing Linux](#installing-linux) - [Pre/Post Installation Requirements](#prepost-installation-requirements) - [Other Important Notes](#other-important-notes) + - [Using Ansible Playbooks to secure your Linux Server](#ansible-playbooks-to-secure-your-linux-server) - [The SSH Server](#the-ssh-server) - [Important Note Before You Make SSH Changes](#important-note-before-you-make-ssh-changes) - [SSH Public/Private Keys](#ssh-publicprivate-keys) 
@@ -267,6 +268,52 @@ Where applicable, use the expert install option so you have tighter control of w - Read the whole guide before you start. Your use-case and/or principals may call for not doing something or for changing the order. - Do not **blindly** copy-and-paste without understanding what you're pasting. Some commands will need to be modified for your needs before they'll work -- usernames for example. +([Table of Contents](#table-of-contents)) + +### Using Ansible playbooks to secure your Linux Server +Ansible playbooks of this guide are available at [How To Secure A Linux Server With Ansible](https://github.com/sysadt/How-To-Secure-A-Linux-Server-With-Ansible). + +Make sure to edit the variables according to your needs and read all tasks beforehand to confirm it does not break your system. After running the playbooks ensure that all settings are configured to your needs! + +1. Install [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) +2. git clone [How To Secure A Linux Server With Ansible](https://github.com/sysadt/How-To-Secure-A-Linux-Server-With-Ansible) +3. [Create SSH-Public/Private-Keys](https://github.com/imthenachoman/How-To-Secure-A-Linux-Server#ssh-publicprivate-keys) + ``` + ssh-keygen -t ed25519 + ``` + +5. Change all variables in *group_vars/variables.yml* according to your needs. +6. Enable SSH root access before running the playbooks: + + ``` + nano /etc/ssh/sshd_config + [...] + PermitRootLogin yes + [...] + ``` + +7. Recommended: configure static IP address on your system. +8. Add your systems IP address to *hosts.yml*. 
+ +  + +Run the requirements playbook using the root password you specified while installing the server: + + ansible-playbook --inventory hosts.yml --ask-pass requirements-playbook.yml + +  + +Run the main playbook with the new users password you specified in the *variables.yml* file: + + ansible-playbook --inventory hosts.yml --ask-pass main-playbook.yml + +  + +If you need to run the playbooks multiple times remember to use the SSH key and the new SSH port: + + ansible-playbook --inventory hosts.yml -e ansible_ssh_port=SSH_PORT --key-file /PATH/TO/SSH/KEY main-playbook.yml + + ([Table of Contents](#table-of-contents)) ## The SSH Server From 6832a167ec91bca7d99d056e5c876cd110fdf096 Mon Sep 17 00:00:00 2001 From: sysadt Date: Tue, 27 Jun 2023 21:57:58 +0200 Subject: [PATCH 3/4] correction of link in TOC --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f30cf87..70c82bd 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ An evolving how-to guide for securing a Linux server that, hopefully, also teach - [Installing Linux](#installing-linux) - [Pre/Post Installation Requirements](#prepost-installation-requirements) - [Other Important Notes](#other-important-notes) - - [Using Ansible Playbooks to secure your Linux Server](#ansible-playbooks-to-secure-your-linux-server) + - [Using Ansible Playbooks to secure your Linux Server](#using-ansible-playbooks-to-secure-your-linux-server) - [The SSH Server](#the-ssh-server) - [Important Note Before You Make SSH Changes](#important-note-before-you-make-ssh-changes) - [SSH Public/Private Keys](#ssh-publicprivate-keys) From 74f1c2db8a8c7f50cc79557600d1bd19bb0443f7 Mon Sep 17 00:00:00 2001 From: mbit Date: Mon, 4 Dec 2023 20:31:19 +0100 Subject: [PATCH 4/4] updated references to my changed username --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 3a8bb2e..7b944ab 100644 --- a/README.md +++ b/README.md 
@@ -74,7 +74,7 @@ This guides purpose is to teach you how to secure a Linux server. There are a lot of things you can do to secure a Linux server and this guide will attempt to cover as many of them as possible. More topics/material will be added as I learn, or as folks [contribute](#contributing). -Ansible playbooks of this guide are available at [How To Secure A Linux Server With Ansible](https://github.com/sysadt/How-To-Secure-A-Linux-Server-With-Ansible) by [sysadt](https://github.com/sysadt). +Ansible playbooks of this guide are available at [How To Secure A Linux Server With Ansible](https://github.com/moltenbit/How-To-Secure-A-Linux-Server-With-Ansible) by [moltenbit](https://github.com/moltenbit). ([Table of Contents](#table-of-contents)) 
@@ -271,12 +271,12 @@ Where applicable, use the expert install option so you have tighter control of w ([Table of Contents](#table-of-contents)) ### Using Ansible playbooks to secure your Linux Server -Ansible playbooks of this guide are available at [How To Secure A Linux Server With Ansible](https://github.com/sysadt/How-To-Secure-A-Linux-Server-With-Ansible). +Ansible playbooks of this guide are available at [How To Secure A Linux Server With Ansible](https://github.com/moltenbit/How-To-Secure-A-Linux-Server-With-Ansible). Make sure to edit the variables according to your needs and read all tasks beforehand to confirm it does not break your system. After running the playbooks ensure that all settings are configured to your needs! 1. Install [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) -2. git clone [How To Secure A Linux Server With Ansible](https://github.com/sysadt/How-To-Secure-A-Linux-Server-With-Ansible) +2. git clone [How To Secure A Linux Server With Ansible](https://github.com/moltenbit/How-To-Secure-A-Linux-Server-With-Ansible) 3. [Create SSH-Public/Private-Keys](https://github.com/imthenachoman/How-To-Secure-A-Linux-Server#ssh-publicprivate-keys) ``` ssh-keygen -t ed25519 @@ -1722,7 +1722,7 @@ And, since we're already using [UFW](#ufw-uncomplicated-firewall) so we'll follo - https://serverfault.com/a/447604/289829 - https://serverfault.com/a/770424/289829 - https://gist.github.com/netson/c45b2dc4e835761fbccc -- Thanks to [sysadt](https://github.com/sysadt) for catching the issue ([#61](https://github.com/imthenachoman/How-To-Secure-A-Linux-Server/issues/61)) with `psadwatchd`. +- Thanks to [moltenbit](https://github.com/moltenbit) for catching the issue ([#61](https://github.com/imthenachoman/How-To-Secure-A-Linux-Server/issues/61)) with `psadwatchd`. #### Steps 
@@ -3596,7 +3596,7 @@ For any questions, comments, concerns, feedback, or issues, submit a [new issue] - https://news.ycombinator.com/item?id=19177435#19178618 - https://www.reddit.com/r/linuxadmin/comments/arx7xo/howtosecurealinuxserver_an_evolving_howto_guide/ - https://www.reddit.com/r/linux/comments/arx7st/howtosecurealinuxserver_an_evolving_howto_guide/ -- https://github.com/sysadt/How-To-Secure-A-Linux-Server-With-Ansible +- https://github.com/moltenbit/How-To-Secure-A-Linux-Server-With-Ansible ([Table of Contents](#table-of-contents))
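Review bot: In [PATCH 1/4], hunk `@@ -97,8 +99,6 @@`, the deleted paragraph is the guide author's own stated position on automation tools ("IMHO, the overhead required to use those kinds of automation tools is wholly unnecessary for a one-time single server install for home use"), and the commit subject "Added references to Ansible playbooks" does not mention removing it. Either keep the paragraph and place the playbook link next to it, or name the removal in the commit message so the maintainer can accept or reject it separately from the added links.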
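Review bot: In [PATCH 2/4], hunk `@@ -23,6 +23,7 @@`, the new TOC entry points at `#ansible-playbooks-to-secure-your-linux-server`, which does not match the heading "Using Ansible playbooks to secure your Linux Server" that the same patch adds, so the link is dead until [PATCH 3/4] changes it to `#using-ansible-playbooks-to-secure-your-linux-server`. Squash 3/4 into 2/4 so no commit in the series carries a broken anchor, and make the capitalisation agree: the TOC text says "Playbooks" while the heading says "playbooks".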
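Review bot: In [PATCH 2/4], hunk `@@ -267,6 +268,52 @@`, step 6 has the reader set `PermitRootLogin yes` in `/etc/ssh/sshd_config` but says nothing about reloading sshd for the change to take effect, and nothing in the section states whether the playbooks set root login back to disabled afterwards. In a guide whose next section is about hardening SSH, add an explicit line covering both: reload sshd after the edit, and after the main playbook has run, confirm that `PermitRootLogin` is no longer `yes`. Smaller points in the same hunk: the numbered list jumps from 3 to 5; step 2 reads "git clone" followed by a markdown link rather than a command that can be pasted; and both playbook runs use `--ask-pass`, which needs `sshpass` on the control machine, a prerequisite that step 1 does not mention.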