blob: 14cb7ae98d656188a8aa38f6efff541b634b04fb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
---
- include: sysctl.yml
tags: sysctl
- include: hosts.yml
- include: apt.yml
tags: apt
- name: Install intel-microcode
apt: pkg=intel-microcode
when: "ansible_processor[0] | search('^(Genuine)?Intel.*') and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')"
tags: intel
- include: firewall.yml
tags:
- firewall
- iptables
- include: stunnel.yml
tags: stunnel
- include: samhain.yml
tags: samhain
- include: auditd.yml
tags: auditd
- include: rkhunter.yml
tags: rkhunter
- include: clamav.yml
tags: clamav
- include: fail2ban.yml
tags: fail2ban
- include: smart.yml
tags:
- smartmontools
- smart
when: "not ((ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen') or ansible_system_vendor == 'QEMU')"
- include: haveged.yml
tags:
- haveged
- entropy
- name: Copy genkeypair.sh and gendhparam.sh
copy: src=usr/local/bin/{{ item }}
dest=/usr/local/bin/{{ item }}
owner=root group=root
mode=0755
tags: genkey
with_items:
- genkeypair.sh
- gendhparam.sh
- name: Generate DH parameters
command: gendhparam.sh /etc/ssl/private/dhparams.pem creates=/etc/ssl/private/dhparams.pem
tags: genkey
- include: logging.yml
tags: logging
- include: ntp.yml
tags: ntp
- include: mail.yml
tags:
- mail
- postfix
- include: bacula.yml
tags:
- bacula-fd
- bacula
- include: munin-node.yml
tags:
- munin-node
- munin
- include: munin-node-ssl.yml
when: "'munin-master' not in group_names"
tags:
- munin-node
- munin
- name: Install common packages
apt: pkg={{ item }}
with_items:
- ca-certificates
- etckeeper
- ethtool
- git
- htop
- molly-guard
- rsync
- screen
- telnet-ssl
|
