Week3 - Configure Security Standards for Ubuntu by Ansible Script And...

Week3 - Configure Security Standards for Ubuntu by Ansible Script And Configure ssh access on remote host

Week3 - Configure Security Standards for Ubuntu by Ansible Script And...
Week3 - Configure Security Standards for Ubuntu by Ansible Script And Configure ssh access on remote host
4fbc998a · Nguyễn Văn Vũ · 38ccd012 · 4fbc998a
Commit 4fbc998a authored Feb 24, 2024 by Nguyễn Văn Vũ
Show whitespace changes
Inline Side-by-side

Showing with 49 additions and 0 deletions

setup-security-ubuntu.yml week3/setup-security-ubuntu.yml +49 -0

No files found.
--- a/week3/setup-security-ubuntu.yml
+++ b/week3/setup-security-ubuntu.yml
+---
+- name: Configure Security Standards for Ubuntu
+  hosts: all
+  become: yes
+
+  tasks:
+    - name: Update package cache and upgrade packages
+      apt:
+        update_cache: yes
+        upgrade: dist
+
+    - name: Install fail2ban
+      apt:
+        name: fail2ban
+        state: present
+
+    - name: Configure fail2ban
+      template:
+        src: templates/fail2ban.j2
+        dest: /etc/fail2ban/jail.local
+      notify: restart fail2ban
+
+    - name: Enable firewall (ufw) and allow SSH
+      ufw:
+        state: enabled
+        policy: deny
+        rules:
+          - allow:
+              proto: tcp
+              port: 22
+              comment: "Allow SSH"
+        before: "ufw-reload"
+
+    - name: Enable automatic security updates
+      apt:
+        name: unattended-upgrades
+        state: present
+      notify: restart unattended-upgrades
+
+  handlers:
+    - name: restart fail2ban
+      service:
+        name: fail2ban
+        state: restarted
+
+    - name: restart unattended-upgrades
+      service:
+        name: unattended-upgrades
+        state: restarted