{"id":19569155,"url":"https://github.com/buluma/ansible-role-security","last_synced_at":"2026-01-18T02:52:08.485Z","repository":{"id":40566021,"uuid":"477105514","full_name":"buluma/ansible-role-security","owner":"buluma","description":"Basic Ansible Role Security","archived":false,"fork":false,"pushed_at":"2024-06-17T16:55:29.000Z","size":149,"stargazers_count":2,"open_issues_count":5,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-09T13:44:37.069Z","etag":null,"topics":["ansible","ansible-role","molecule","security","tox"],"latest_commit_sha":null,"homepage":"https://galaxy.ansible.com/buluma/security","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/buluma.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"buluma"}},"created_at":"2022-04-02T16:10:38.000Z","updated_at":"2024-06-17T16:55:32.000Z","dependencies_parsed_at":"2023-02-08T16:30:22.378Z","dependency_job_id":"d67ffce9-8817-4deb-9557-cef8c53b4511","html_url":"https://github.com/buluma/ansible-role-security","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buluma%2Fansible-role-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buluma%2Fansible-role-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buluma%2Fansible-role-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/buluma%2Fansible-role-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/buluma","download_url":"https://codeload.github.com/buluma/ansible-role-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247108751,"owners_count":20884967,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","molecule","security","tox"],"created_at":"2024-11-11T06:07:51.842Z","updated_at":"2026-01-18T02:52:08.449Z","avatar_url":"https://github.com/buluma.png","language":"Jinja","funding_links":["https://github.com/sponsors/buluma"],"categories":[],"sub_categories":[],"readme":"# Ansible role [security](https://galaxy.ansible.com/ui/standalone/roles/buluma/security/documentation)\n\nSecurity software installation and configuration.\n\n|GitHub|Version|Issues|Pull Requests|Downloads|\n|------|-------|------|-------------|---------|\n|[![github](https://github.com/buluma/ansible-role-security/actions/workflows/molecule.yml/badge.svg)](https://github.com/buluma/ansible-role-security/actions/workflows/molecule.yml)|[![Version](https://img.shields.io/github/release/buluma/ansible-role-security.svg)](https://github.com/buluma/ansible-role-security/releases/)|[![Issues](https://img.shields.io/github/issues/buluma/ansible-role-security.svg)](https://github.com/buluma/ansible-role-security/issues/)|[![PullRequests](https://img.shields.io/github/issues-pr-closed-raw/buluma/ansible-role-security.svg)](https://github.com/buluma/ansible-role-security/pulls/)|[![Ansible Role](https://img.shields.io/ansible/role/d/buluma/security)](https://galaxy.ansible.com/ui/standalone/roles/buluma/security/documentation)|\n\n## [Example Playbook](#example-playbook)\n\nThis example is taken from [`molecule/default/converge.yml`](https://github.com/buluma/ansible-role-security/blob/master/molecule/default/converge.yml) and is tested on each push, pull request and release.\n\n```yaml\n---\n- name: Converge\n  hosts: all\n  become: yes\n  gather_facts: yes\n\n  roles:\n    - role: buluma.security\n      security_autoupdate_enabled: false\n      security_fail2ban_enabled: false\n```\n\nThe machine needs to be prepared. In CI this is done using [`molecule/default/prepare.yml`](https://github.com/buluma/ansible-role-security/blob/master/molecule/default/prepare.yml):\n\n```yaml\n---\n- name: Prepare\n  hosts: all\n  become: yes\n  gather_facts: no\n\n  roles:\n    - role: buluma.bootstrap\n    - role: buluma.epel\n    - role: buluma.repo_epel\n      when:\n        - (ansible_distribution == \"Amazon\" and\n          ansible_distribution_major_version == \"2\") or\n          (ansible_os_family == \"RedHat\" and\n          ansible_distribution_major_version in [ \"7\", \"8\" ])\n```\n\nAlso see a [full explanation and example](https://buluma.github.io/how-to-use-these-roles.html) on how to use these roles.\n\n## [Role Variables](#role-variables)\n\nThe default values for the variables are set in [`defaults/main.yml`](https://github.com/buluma/ansible-role-security/blob/master/defaults/main.yml):\n\n```yaml\n---\nsecurity_ssh_port: 22\nsecurity_ssh_password_authentication: \"no\"\nsecurity_ssh_permit_root_login: \"no\"\nsecurity_ssh_usedns: \"no\"\nsecurity_ssh_permit_empty_password: \"no\"\nsecurity_ssh_challenge_response_auth: \"no\"\nsecurity_ssh_gss_api_authentication: \"no\"\nsecurity_ssh_x11_forwarding: \"no\"\nsecurity_sshd_state: started\nsecurity_ssh_restart_handler_state: restarted\nsecurity_ssh_allowed_users: []\nsecurity_ssh_allowed_groups: []\n\nsecurity_sudoers_passwordless: []\nsecurity_sudoers_passworded: []\n\nsecurity_autoupdate_enabled: false\nsecurity_autoupdate_blacklist: []\nsecurity_autoupdate_secpkgs_only: false\n\n# Autoupdate mail settings used on Debian/Ubuntu only.\nsecurity_autoupdate_reboot: \"false\"\nsecurity_autoupdate_reboot_time: \"03:00\"\nsecurity_autoupdate_mail_to: \"\"\nsecurity_autoupdate_mail_on_error: true\n\nsecurity_fail2ban_enabled: true\nsecurity_fail2ban_custom_configuration_template: \"jail.local.j2\"\n```\n\n## [Requirements](#requirements)\n\n- pip packages listed in [requirements.txt](https://github.com/buluma/ansible-role-security/blob/master/requirements.txt).\n\n## [State of used roles](#state-of-used-roles)\n\nThe following roles are used to prepare a system. You can prepare your system in another way.\n\n| Requirement | GitHub | Version |\n|-------------|--------|--------|\n|[buluma.bootstrap](https://galaxy.ansible.com/buluma/bootstrap)|[![Ansible Molecule](https://github.com/buluma/ansible-role-bootstrap/actions/workflows/molecule.yml/badge.svg)](https://github.com/buluma/ansible-role-bootstrap/actions/workflows/molecule.yml)|[![Version](https://img.shields.io/github/release/buluma/ansible-role-bootstrap.svg)](https://github.com/shadowwalker/ansible-role-bootstrap)|\n|[buluma.epel](https://galaxy.ansible.com/buluma/epel)|[![Ansible Molecule](https://github.com/buluma/ansible-role-epel/actions/workflows/molecule.yml/badge.svg)](https://github.com/buluma/ansible-role-epel/actions/workflows/molecule.yml)|[![Version](https://img.shields.io/github/release/buluma/ansible-role-epel.svg)](https://github.com/shadowwalker/ansible-role-epel)|\n|[buluma.repo_epel](https://galaxy.ansible.com/buluma/repo_epel)|[![Ansible Molecule](https://github.com/buluma/ansible-role-repo_epel/actions/workflows/molecule.yml/badge.svg)](https://github.com/buluma/ansible-role-repo_epel/actions/workflows/molecule.yml)|[![Version](https://img.shields.io/github/release/buluma/ansible-role-repo_epel.svg)](https://github.com/shadowwalker/ansible-role-repo_epel)|\n|[buluma.security](https://galaxy.ansible.com/buluma/security)|[![Ansible Molecule](https://github.com/buluma/ansible-role-security/actions/workflows/molecule.yml/badge.svg)](https://github.com/buluma/ansible-role-security/actions/workflows/molecule.yml)|[![Version](https://img.shields.io/github/release/buluma/ansible-role-security.svg)](https://github.com/shadowwalker/ansible-role-security)|\n\n## [Context](#context)\n\nThis role is a part of many compatible roles. Have a look at [the documentation of these roles](https://buluma.github.io/) for further information.\n\nHere is an overview of related roles:\n\n![dependencies](https://raw.githubusercontent.com/buluma/ansible-role-security/png/requirements.png \"Dependencies\")\n\n## [Compatibility](#compatibility)\n\nThis role has been tested on these [container images](https://hub.docker.com/u/buluma):\n\n|container|tags|\n|---------|----|\n|[EL](https://hub.docker.com/r/buluma/enterpriselinux)|all|\n|[Fedora](https://hub.docker.com/r/buluma/fedora)|all|\n|[Debian](https://hub.docker.com/r/buluma/debian)|all|\n|[Ubuntu](https://hub.docker.com/r/buluma/ubuntu)|jammy, focal, bionic|\n\nThe minimum version of Ansible required is 2.12, tests have been done to:\n\n- The previous version.\n- The current version.\n- The development version.\n\nIf you find issues, please register them in [GitHub](https://github.com/buluma/ansible-role-security/issues)\n\n## [Changelog](#changelog)\n\n[Role History](https://github.com/buluma/ansible-role-security/blob/master/CHANGELOG.md)\n\n## [License](#license)\n\n[Apache-2.0](https://github.com/buluma/ansible-role-security/blob/master/LICENSE)\n\n## [Author Information](#author-information)\n\n[Shadow Walker](https://buluma.github.io/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbuluma%2Fansible-role-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbuluma%2Fansible-role-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbuluma%2Fansible-role-security/lists"}