Module to determine the security settings in Ubuntu and Debian. It is based on Linodes securing your server guide. https://www.linode.com/docs/security/securing-your-server/
It does following: Creates user with sudo for administraton tasks and puts rsa key in right place. Installs openssh-server and change configs(password login is disabled). Defines basic firewall settings. Installs fail2ban.
• ssh
• fail2ban
• iptables
• /etc/ssh/sshd_config
• /home/kayttaja/.ssh/authorized_keys
• /etc/iptables.firewall.rules
Works almost from the box. First thing to do is change authorized_keys files content with your own rsa key. To use module it is required to define user and system variables. This can be done in site.pp.
Example:
adminuser {’username’:
usr_pw => ’userpassword’,
}
Exec { path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }
|-- secure
| |-- files
| | |-- authorized_keys
| | |-- iptables.firewall.rules
| | -- sshd_config<br> | |-- lib<br> | | -- puppet
| | -- parser<br> | | -- functions
| | -- pw_hash.rb<br> | -- manifests
| |-- fail2ban.pp
| |-- firewall.pp
| |-- init.pp
| `-- ssh.pp
pschyska. PW hashing with puppet parser function. URL: https://gist.github.com/pschyska/26002d5f8ee0da2a9ea0 Linode. Securing Your Server. URL: https://www.linode.com/docs/security/securing-your-server