feat: dev-sec.io linux baseline hardening

2022-12-19 03:26:06 +05:30 · 2022-12-19 03:26:06 +05:30 · 057f49c0ad
parent b46e41da0b
commit 057f49c0ad
3 changed files with 20 additions and 0 deletions
--- a/debian/Makefile
+++ b/debian/Makefile
@ -1,3 +1,9 @@
+env: ## Init environment
+	terraform init
+	ansible-galaxy install -r ./ansible/requirements.yml
+	virtualenv vent
+	. ./venv/bin/activate && pip install -r requirements.txt
+
 default:
 	terraform plan --out=plan
 	terraform apply plan
@ -8,6 +14,7 @@ inventory: ## Deploy server
 
 configure: ## Configure server
 	ansible-playbook -i ./ansible/inventory/hosts.ini -f 10 ./ansible/playbook.yml
+	ansible-playbook -i ./ansible/inventory/hosts.ini -f 10 ./ansible/linux-baseline.yml

 ansible-check: ## Check Ansible playbooks
 	ansible-playbook --check ./ansible/playbook.yml
--- a/debian/ansible/linux-baseline.yml
+++ b/debian/ansible/linux-baseline.yml
@ -0,0 +1,10 @@
+- name: dev-sec.io linux baseline hardening
+  hosts: debainbasic
+  remote_user: root
+
+  collections:
+    - devsec.hardening
+  roles:
+    - os_hardening
+    - ssh_hardening
+    - nginx_hardening
--- a/debian/ansible/requirements.yml
+++ b/debian/ansible/requirements.yml
@ -0,0 +1,3 @@
+---
+collections:
+- devsec.hardening