feat: dev-sec.io linux baseline hardening
This commit is contained in:
parent
b46e41da0b
commit
057f49c0ad
GPG key ID:
AD9F0F08E855ED88
3 changed files with 20 additions and 0 deletions
7
debian/Makefile
vendored
7
debian/Makefile
vendored
|
|
@ -1,3 +1,9 @@
|
||||||
|
env: ## Init environment
|
||||||
|
terraform init
|
||||||
|
ansible-galaxy install -r ./ansible/requirements.yml
|
||||||
|
virtualenv vent
|
||||||
|
. ./venv/bin/activate && pip install -r requirements.txt
|
||||||
|
|
||||||
default:
|
default:
|
||||||
terraform plan --out=plan
|
terraform plan --out=plan
|
||||||
terraform apply plan
|
terraform apply plan
|
||||||
|
|
@ -8,6 +14,7 @@ inventory: ## Deploy server
|
||||||
|
|
||||||
configure: ## Configure server
|
configure: ## Configure server
|
||||||
ansible-playbook -i ./ansible/inventory/hosts.ini -f 10 ./ansible/playbook.yml
|
ansible-playbook -i ./ansible/inventory/hosts.ini -f 10 ./ansible/playbook.yml
|
||||||
|
ansible-playbook -i ./ansible/inventory/hosts.ini -f 10 ./ansible/linux-baseline.yml
|
||||||
|
|
||||||
ansible-check: ## Check Ansible playbooks
|
ansible-check: ## Check Ansible playbooks
|
||||||
ansible-playbook --check ./ansible/playbook.yml
|
ansible-playbook --check ./ansible/playbook.yml
|
||||||
|
|
|
||||||
10
debian/ansible/linux-baseline.yml
vendored
Normal file
10
debian/ansible/linux-baseline.yml
vendored
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
- name: dev-sec.io linux baseline hardening
|
||||||
|
hosts: debainbasic
|
||||||
|
remote_user: root
|
||||||
|
|
||||||
|
collections:
|
||||||
|
- devsec.hardening
|
||||||
|
roles:
|
||||||
|
- os_hardening
|
||||||
|
- ssh_hardening
|
||||||
|
- nginx_hardening
|
||||||
3
debian/ansible/requirements.yml
vendored
Normal file
3
debian/ansible/requirements.yml
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
collections:
|
||||||
|
- devsec.hardening
|
||||||
Loading…
Reference in a new issue