This roles installs the Security Hardening fixes to make Ubuntu less vulnerable.
Included fixes:
- Installs latest security updates via aptitude
- SSH root disable and key access only
- Disable ping
- Restrict crons to root only
- Disable core dumps
- Purges old kernels (optional)
Note this role installs security hardening updates on each run and is therefore not idempotent.
To install run ansible-galaxy install sansible.security_hardening
or add this
to your roles.yml
.
- name: sansible.security_hardening
version: v2.0
and run ansible-galaxy install -p ./roles -r roles.yml
This role uses one tag: build
build
- Installs Security Hardening and all its dependencies.
To install:
- name: Install and configure Security Hardening
hosts: "somehost"
roles:
- role: sansible.security_hardening
sansible_security_hardening_purge_old_kernels: yes