https://github.com/cvdg/umbr

Umbrella
https://github.com/cvdg/umbr

Last synced: 3 months ago
JSON representation

Umbrella

• Host: GitHub
• URL: https://github.com/cvdg/umbr
• Owner: cvdg
• License: gpl-3.0
• Created: 2021-04-13T18:19:02.000Z (about 4 years ago)
• Default Branch: master
• Last Pushed: 2021-04-21T07:42:50.000Z (about 4 years ago)
• Last Synced: 2025-01-13T05:44:41.749Z (5 months ago)
• Language: HCL
• Size: 28.3 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# umbr - Umbrella

Harden Debian based hosts.

```shell

cd terraform

terraform init

terraform plan

terraform apply

```

## Harden

1. `firewalld` - Install basic firewall

1. `ssh` - Secure SSH daemon:

   

    1.1. Disable root login

   

    1.1. Disable passwords

    

    1.1. Only allow user in group `ssh`

1. Create `user`

    1.1. `sudo` - Install and allow users in group `adm`

    1.1. Create `user` in groups `adm` and `ssh`

    1.1. Add Public SSH key to `authorized_keys`

1. `unattend-updates`  Install

1. `apt full-upgrade`

```shell

cd ansible

ansible-playbook --ask-vault-pass linode.yml

```