This Repository contains Server Hardening Techniques which are implemented using Ansible Roles
I have created ansible roles for the following tasks
-
accounts : this installs and configures fail2ban which helps in intrusion detection and system administrators can check illegal activities from logs Also I have created a user ansible which is part of group power which I have given sudo powers
-
network : Here we make ssh more secure by only allowing key based login , adding protocol 2 and limiting the number of tries , preventing TcpForwarding and etc I have also added firewall rules to allow ssh access only from a particular network and only allow webserver access requests and removed all other rules
-
physical : This provides security against single user mode and only allows login using password in the grub and also provides security against all types of physical attacks Also changes grub settings .
-
luks-conf : make a harddisk encrypted for users and users will be able to store data securely and can decrypt it anytime using passphrase
The repository contains ansible vaults Along with that it contains a role for setting up and configuring docker and kubernetes in remote systems , the role name is kubernetes-docker
This is an example of how you may give instructions on setting up your project locally. To get a local copy up and running follow these simple example steps.
- pip
- AWS ec2 instance
-
Install and configure yum, vim and git
-
Clone the repo
git clone https://github.com/ShirshaDatta/Server-Hardening
- Ping to localhost
ping localhost
- Install Ansible (If python3 not installed, do it and then install ansible )
pip3 install ansible
or
yum install ansible
Check if ansible is installed successfully. Run the below command.
ansible --version
Setup Firewall Rules. Run the below given commands.
cd Server-Hardening
ansible-playbook network.yml
Create Super User and setup fail2ban
ansible-playbook --ask-vault-pass accounts.yml
Enter password: $ANSIBLE_VAULT_PASS
We saw that the playbook is successfully run. Now we will cross-check the same manually.
Checking if nginx is installed and the service started and firewall rules.Run the below given commands.
systemctl status nginx
iptables -L
Checking if fail-to-ban is installed and running.run the below given command.
systemctl status fail2ban
Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature
) - Commit your Changes (
git commit -m 'Added some AmazingFeature'
) - Push to the Branch (
git push origin feature/AmazingFeature
) - Open a Pull Request
Distributed under the MIT License. See LICENSE
for more information.
-
Your Name - Shirsha Datta
-
You can contact me at shirshadatta2000@gmail.com
-
Project Link: https://github.com/ShirshaDatta/Server-Hardening