Last active
April 17, 2019 01:20
Ansible script for hardening two files play.yml and requirements.yml
| Ansible script for hardening two files play.yml and requirements.yml | |
| These Ansible steps are for hardening a MariaDB server | |
| 1) ansible-galaxy install -r requirements.yml | |
| 2) ansible-playbook play.yml | |
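#### start of requirements.yml
#### ansible-galaxy install -r requirements.yml
---
# Roles fetched from Ansible Galaxy for use by play.yml.
#
# NOTE(review): no entry pins a version, so every install pulls whatever the
# role author currently publishes, and play.yml then runs that code with
# become: true. Add a `version:` key per role (a reviewed tag or commit) so
# role updates are applied deliberately rather than implicitly.

# Install EPEL repo
- src: geerlingguy.repo-epel

# Install influxdata.chrony role from the Ansible Galaxy
- src: influxdata.chrony

# Install Apache
# - src: geerlingguy.apache

# Apache hardening
# - src: dev-sec.ansible_apache_hardening

# Install official Nginx
# - src: nginxinc.nginx

# Nginx hardening
# - src: dev-sec.nginx-hardening

# Install MariaDB
- src: bertvv.mariadb

# Bootstrap role (its purpose is not described in the original file)
- src: robertdebock.bootstrap

# Install latest rsyslog
- src: robertdebock.rsyslog

# OS hardening (installed here, but commented out in play.yml's role list)
- src: dev-sec.os-hardening

# Lynis checker
- src: linuxmalaysia.lynis_ansible
#### end of requirements.yml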
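#### start of play.yml
#### ansible-playbook play.yml
---
# Single play that runs against the local machine with privilege escalation.
# Sections are written in the order Ansible executes them:
# pre_tasks, then roles, then tasks.
- hosts: 127.0.0.1
  connection: local
  become: true

  pre_tasks:
    # Packages are installed one item at a time and in list order on purpose:
    # epel-release comes before byobu (byobu presumably comes from EPEL on
    # CentOS; confirm), so the list must not be collapsed into one transaction.
    # NOTE(review): epel-release is also handled by the geerlingguy.repo-epel
    # role below; on hosts where the package is not in the base repositories
    # this task may fail before the role gets a chance to run.
    - name: Ensure build dependencies are installed (RedHat / Centos)
      package:
        name: "{{ item }}"
        state: present
      with_items:
        - sudo
        - epel-release
        - byobu
        - git
      # ansible_os_family reports 'RedHat' for CentOS as well; 'CentOS' is an
      # ansible_distribution value, so comparing the family to it never matched.
      when: ansible_os_family == 'RedHat'

    - name: Ensure build dependencies are installed (Debian / Ubuntu)
      package:
        name: "{{ item }}"
        state: present
      with_items:
        - sudo
        - byobu
        - git
      # ansible_os_family reports 'Debian' for Ubuntu as well; 'Ubuntu' is an
      # ansible_distribution value, so comparing the family to it never matched.
      when: ansible_os_family == 'Debian'

  roles:
    - role: influxdata.chrony
    - role: geerlingguy.repo-epel
    # - nginxinc.nginx
    # - dev-sec.nginx-hardening
    # NOTE(review): no variables are passed to bertvv.mariadb, so the server is
    # installed with the role's defaults. Confirm against the role's README
    # what that means for the database root password (mariadb_root_password)
    # and supply it from a vault or secret store rather than from this file.
    - role: bertvv.mariadb
    - role: robertdebock.bootstrap
    - role: robertdebock.rsyslog
    # NOTE(review): OS hardening is disabled here, so this play installs and
    # audits but does not itself apply the dev-sec baseline.
    # - dev-sec.os-hardening
    - role: linuxmalaysia.lynis_ansible
      lynis_use_packages: true
      lynis_audit_system_linux: true

  tasks:
    # Adds the host to a dynamic group named after its distribution
    # (os_<ansible_distribution>). Nothing else in this play refers to that
    # group.
    - name: Group host by distribution
      group_by:
        key: "os_{{ ansible_distribution }}"
#### end of play.yml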