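---
# Host-hardening play: a local `preamble` role, a local `ufw` firewall role
# and the dev-sec SSH hardening role.  Run it with `-e USER=<login>`: `USER`
# is deliberately not defined here, so a missing value fails the play at
# templating time instead of producing an empty AllowUsers list.
- hosts: all
  become: true

  vars:
    # vars for os-hardening (devsec.hardening.os_hardening)
    #######################
    # NOTE(review): os_hardening is not listed under `roles:` below, so these
    # values only take effect if the `preamble` role applies it -- confirm.
    sysctl_overwrite:
      # Makes the host forward packets (router / NAT / container use).
      # sysctl takes 0 or 1; a YAML boolean (`True`) is templated into the
      # string "True", which is not a value the kernel accepts.  Forwarded
      # traffic is only filtered if the ufw role also sets FORWARD rules
      # and a forward policy -- confirm.
      net.ipv4.ip_forward: 1

    # vars for ssh-hardening (devsec.hardening.ssh_hardening)
    ########################
    # AllowUsers: only this login may authenticate (it also applies to
    # certificate logins).  Supplied externally, e.g. `-e USER=alice`.
    ssh_allow_users: "{{ USER }}"
    # `local` allows client-side (-L) forwards only; remote (-R) forwards,
    # which would open listeners on the host, stay disabled.
    ssh_allow_tcp_forwarding: local
    # Tear the session down after two unanswered keep-alive probes.
    ssh_client_alive_count: 2
    ssh_print_last_log: true
    sshd_custom_options:
      # Certificate authentication: any user certificate signed by this key
      # whose principals include the login name is accepted, so the private
      # half is a CA key and must be guarded as one.  NOTE(review): the
      # `id_ecdsa_sk` file name reads like a user key rather than a CA key
      # -- confirm that is intended.  Nothing in this play places the file
      # on the host; it must already exist (presumably via `preamble`)
      # before sshd is reconfigured.
      - "TrustedUserCAKeys /etc/ssh/id_ecdsa_sk.pub"

    # Key exchange: curve25519 and SHA-256 group exchange only.  The
    # group-exchange method is only as strong as the groups left in
    # /etc/ssh/moduli -- check that the role version in use prunes the
    # small ones.
    ssh_kex:
      - curve25519-sha256@libssh.org
      - diffie-hellman-group-exchange-sha256
    # Encrypt-then-MAC variants only.
    ssh_macs:
      - hmac-sha2-512-etm@openssh.com
      - hmac-sha2-256-etm@openssh.com
      - umac-128-etm@openssh.com

  pre_tasks:
    # Random salt, pinned once per host for the rest of the play.
    # `lookup('password', '/dev/null')` returns a fresh value on every
    # evaluation and play `vars:` are templated lazily at each reference,
    # so declaring SALT under `vars:` would hand a different salt to every
    # task that reads it.  set_fact evaluates the lookup exactly once.
    - name: Generate a per-host salt
      ansible.builtin.set_fact:
        SALT: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters') }}"

  roles:
    - preamble
    - ufw
    - devsec.hardening.ssh_hardening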