2022-11-18 18:33:37 +01:00
|
|
|
---
|
|
|
|
|
2022-11-21 16:52:36 +01:00
|
|
|
- name: "Setup a GNU/Linux target with standards or defined tags"
|
2022-11-18 18:33:37 +01:00
|
|
|
hosts: "{{ target if target is defined else 'planets' }}"
|
|
|
|
|
|
|
|
roles:
|
2022-11-24 10:21:06 +01:00
|
|
|
# --- Hardening ---
|
|
|
|
# Basic rules or good practises to apply
|
2022-11-23 11:59:37 +01:00
|
|
|
|
2022-11-24 10:21:06 +01:00
|
|
|
- { role: hardening-basic, tags: [hardening, ips, ids] }
|
|
|
|
- { role: iptables-basic, tags: [firewall, ips, ids] }
|
2023-01-11 17:44:16 +01:00
|
|
|
- { role: fail2ban-basic, tags: [hardening, fail2ban, ips, ids] }
|
|
|
|
- { role: auditd, tags: [hardening, auditd] }
|
2022-11-24 10:21:06 +01:00
|
|
|
- { role: iptables-webserver, tags: [firewall, webserver] }
|
2023-01-03 16:27:41 +01:00
|
|
|
- { role: iptables-kdeconnect, tags: [firewall] }
|
2022-11-21 16:52:36 +01:00
|
|
|
|
2022-12-27 20:37:22 +01:00
|
|
|
# --- Sysadmin ---
|
|
|
|
- { role: sysadmin-tools, tags: [sysadmin] }
|
2023-01-05 16:01:31 +01:00
|
|
|
- { role: wakeonlan, tags: [wol] }
|
2022-12-27 20:37:22 +01:00
|
|
|
|
2022-11-24 10:21:06 +01:00
|
|
|
# --- Services ---
|
|
|
|
# Role relative to services, applications and so on
|
|
|
|
- { role: ipfs, tags: [ipfs] }
|
|
|
|
- { role: yggdrasil, tags: [yggdrasil] }
|
|
|
|
- { role: snort-community, tags: [snort, ips, ids] }
|
|
|
|
- { role: dns-filter, tags: [dns_filter] }
|
|
|
|
- { role: samba, tags: [samba, smb] }
|