Skip to content

natehudson/ansible-csf-security

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
tests
tests
 
 
vars
vars
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Ansible CSF Security

This ansible role provides a good server security baseline:

  • Installs ConfigServer Firewall (CSF) for:
    • Easy firewall management
    • Intrusion detection/prevention
    • Various other security features
  • Configures SSH for better security, including:
    • Moving to alternate listen port
    • Disabling password auth
  • Adds script to check other system components for basic security check
    • /etc/csf/servercheck.pl

It's up to you to inform yourself of security best practices, and understand your stack's own security risks. This is just a simple baseline configuration.

Requirements

Note: Make sure your SSH public key is under ~/.ssh/authorized_keys, or you can be locked out of your server after running this role

CSF will be in testing mode after running this script and will stop in 5 minutes. Disable testing mode (in csf.conf), and restart CSF (csf -r) after testing that the firewall is configured properly.

Role Variables

- csf_sec_ssh_port: 22   # moves the SSH port

Dependencies

None

Example Playbook

- hosts: webservers
   vars:
    - csf_sec_ssh_port: 9090
  roles:
    - { role: nlap.ansible-csf-security }

License

MIT

About

Ansible role for basic server security

galaxy.ansible.com/nlap/csf-security/

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Perl 100.0%