From 057f49c0ade646a11bcb454e58e0ab55a248baf6 Mon Sep 17 00:00:00 2001
From: Aravinth Manivannan <realaravinth@batsense.net>
Date: Mon, 19 Dec 2022 03:26:06 +0530
Subject: [PATCH] feat: dev-sec.io linux baseline hardening

---
 debian/Makefile                   |  7 +++++++
 debian/ansible/linux-baseline.yml | 10 ++++++++++
 debian/ansible/requirements.yml   |  3 +++
 3 files changed, 20 insertions(+)
 create mode 100644 debian/ansible/linux-baseline.yml
 create mode 100644 debian/ansible/requirements.yml

diff --git a/debian/Makefile b/debian/Makefile
index 1af1a2e..b6c57f1 100644
--- a/debian/Makefile
+++ b/debian/Makefile
@@ -1,3 +1,9 @@
+env: ## Init environment
+	terraform init
+	ansible-galaxy install -r ./ansible/requirements.yml
+	virtualenv vent
+	. ./venv/bin/activate && pip install -r requirements.txt
+
 default:
 	terraform plan --out=plan
 	terraform apply plan
@@ -8,6 +14,7 @@ inventory: ## Deploy server
  
 configure: ## Configure server
 	ansible-playbook -i ./ansible/inventory/hosts.ini -f 10 ./ansible/playbook.yml
+	ansible-playbook -i ./ansible/inventory/hosts.ini -f 10 ./ansible/linux-baseline.yml
 
 ansible-check: ## Check Ansible playbooks
 	ansible-playbook --check ./ansible/playbook.yml
diff --git a/debian/ansible/linux-baseline.yml b/debian/ansible/linux-baseline.yml
new file mode 100644
index 0000000..20a4e52
--- /dev/null
+++ b/debian/ansible/linux-baseline.yml
@@ -0,0 +1,10 @@
+- name: dev-sec.io linux baseline hardening
+  hosts: debainbasic
+  remote_user: root
+
+  collections:
+    - devsec.hardening
+  roles:
+    - os_hardening
+    - ssh_hardening
+    - nginx_hardening
diff --git a/debian/ansible/requirements.yml b/debian/ansible/requirements.yml
new file mode 100644
index 0000000..2e4deb6
--- /dev/null
+++ b/debian/ansible/requirements.yml
@@ -0,0 +1,3 @@
+---
+collections:
+- devsec.hardening