The Ansible playbook in this repository performs the following tasks,
- Update apt repositories
- Install and configure fail2ban for SSH
- Install daily rootkit detection scripts using chkrootkit and rkhunter
- Install and configure swap space equal to total memory
- Disable snapd on Ubuntu for lower memory consumption
- Install weekly script to update and reboot the system
- GitHub: github.com/k3karthic/ansible__ubuntu-basic
- Codeberg: codeberg.org/k3karthic/ansible__ubuntu-basic
The file roles/swap/vars/main.yml contains the following variables that you can change,
- swap_file_path: File path for the swapfile. (Default: /swapfile.swap)
- swap_swappiness: Kernel parameter that controls how often the kernel uses swap. (Default: 60)
Run the playbook using the following command,
$ ./bin/apply_local.sh
Assumption: The instance runs in Oracle Cloud using one of the scripts below,
- terraform__oci-instance-1
- terraform__oci-instance-2
- terraform__oci-instance-3
Install the following before running the playbook,
$ pip install oci
$ ansible-galaxy collection install oracle.oci
The Oracle Ansible Inventory Plugin populates the inventory with public Ubuntu instances.
All target Ubuntu instances must have the freeform tag os: ubuntu.
- Update inventory/oracle.oci.yml,
  - Specify the region where you have deployed your server on Oracle Cloud. The list of regions is at docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm.
  - Configure the authentication as per the Oracle Guide
- Set username and ssh authentication in inventory/group_vars/
The file roles/swap/vars/main.yml contains the following variables that you can change,
- swap_file_path: File path for the swapfile. (Default: /swapfile.swap)
- swap_swappiness: Kernel parameter that controls how often the kernel uses swap. (Default: 60)
Run the playbook using the following command,
$ ./bin/apply.sh
Encrypt sensitive files (SSH private keys) before saving them. .gitignore must contain the unencrypted file paths.
Use the following command to decrypt the files after cloning the repository,
$ ./bin/decrypt.sh
Use the following command after running terraform to update the encrypted files,
$ ./bin/encrypt.sh <gpg key id>
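One way to check the .gitignore requirement above before committing, as an added example that is not part of this repository. It assumes each encrypted file sits beside its plaintext with a .gpg suffix (the layout used by bin/encrypt.sh may differ); the function name check_secrets and the SUFFIX variable are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the repository.
# Assumption: each encrypted file is stored beside its plaintext with a
# ".gpg" suffix (id_rsa -> id_rsa.gpg); set SUFFIX if the layout differs.
SUFFIX="${SUFFIX:-.gpg}"

# check_secrets REPO_DIR
# Prints one line per problem; exit status is the number of problems found
# (255 if REPO_DIR cannot be entered). Runs in a subshell so the caller's
# working directory is untouched.
check_secrets() (
    cd "$1" || exit 255
    problems=0
    list=$(mktemp) || exit 255
    # Collect encrypted files, skipping git's own metadata directory.
    find . -name .git -prune -o -type f -name "*$SUFFIX" -print > "$list"
    while IFS= read -r enc; do
        plain=${enc%"$SUFFIX"}   # path of the unencrypted counterpart
        plain=${plain#./}
        # A path already in the index stays tracked even when .gitignore
        # lists it, so test for that case first.
        if git ls-files --error-unmatch -- "$plain" >/dev/null 2>&1; then
            echo "TRACKED: $plain is in the git index as plaintext"
            problems=$((problems + 1))
        # check-ignore succeeds only when an ignore rule covers the path.
        elif ! git check-ignore -q -- "$plain"; then
            echo "NOT IGNORED: $plain is not covered by .gitignore"
            problems=$((problems + 1))
        fi
    done < "$list"
    rm -f "$list"
    exit "$problems"
)

# Stand-alone use: ./check_secrets.sh /path/to/clone
if [ "$#" -gt 0 ]; then
    check_secrets "$1"
fi
```

A TRACKED result means the plaintext key was already added to git; adding the path to .gitignore afterwards does not remove it from the index or from earlier commits.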