Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | Install haveged. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | To avoid low-entropy conditions, see http://www.issihosts.com/haveged/ | |||
* | Install ClamAV. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Install common packages. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure S.M.A.R.T. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure NTP. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | We use a "master" NTP server, which synchronizes against stratum 1 servers (hence is a stratum 2 itself); all other clients synchronize to this master server through IPSec. | |||
* | Reorganization. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Common LDAP (slapd) configuration. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Common MySQL configuration. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Postfix master (nullmailer) configuration | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | We use a dedicated instance for each role: MDA, MTA out, MX, etc. | |||
* | Configure the (basic) logging policy. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure IPSec. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure fail2ban. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure rkhunter. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure samhain. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure v4 and v6 iptable rulesets. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure APT. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Configure /etc/{hosts,hostname,mailname}. | Guilhem Moulin | 2015-06-07 | 1 |
| | ||||
* | Basic ansible setup. | Guilhem Moulin | 2015-06-07 | 1 |
To run the playbook: cd ./ansible ansible-playbook -i vms site.yml |