A fairly simple set of Ansible roles which we use to harden some of our servers at turalt.
Currently included:
- iptables firewall rules which block all but ports 22, 80, and 443
- postfix install in a null client mode, to deliver all local mail to an external mailbox
- fail2ban setup to manage attempted ssh and ban accounts, also log and notify