configurations-ansible/roles/hardening-basic/README.md

hardening-basic
=========

This role harden a target with best practises for SSH, modprobe and sysctl

Requirements
------------

.

Role Variables
--------------

- **hardening_sshd_enabled** (boolean): Enable or disable ssh hardening
- **hardening_sshd_authorized_key_file** (string): Set the relative path for sshd authorized_key_file
- **hardening_sshd_tcp_forward** (boolean): Enable or disable sshd tcp forwarding
- **hardening_sshd_legal_banner** (boolean): Enable or disable sshd legal banner (/etc/issue.net)
- **hardening_sshd_permissions_set_sticky_bit** (boolean): Enable or disable the sticky bit for sshd directory and files (root)
- **hardening_sysctl_vm_swappiness** (integer): Set the value for sysctl vm.swappiness 
- **hardening_sysctl_disable_ipv6** (boolean): Enable or disable ipv6 though sysctl
- **hardening_modprobe_disable_list** (dict): Array of sections. Each section contains an array of string: modules, protocols and so on that can be disabled through modprobe
- **hardening_journald_system_max_use** (string): Example 250M
- **hardening_journald_system_max_file_size** (string): Example 50M

Dependencies
------------

. 

Example Playbook
----------------

`ansible-playbook -i inventory/example.yml handbook.yml --extra-vars="target=your_target" --tags hardening`

License
-------

GPLv3

Author Information
------------------

- [Claudio Maradonna](https://social.unitoo.it/claudio)
update README for hardening-basic 2022-11-21 15:02:03 +01:00			`hardening-basic`
init repo with: iptables, pihole, snort, yggdrasil, basic hardening, os-updates 2022-11-18 18:33:37 +01:00			`=========`

update README for hardening-basic 2022-11-21 15:02:03 +01:00			`This role harden a target with best practises for SSH, modprobe and sysctl`
init repo with: iptables, pihole, snort, yggdrasil, basic hardening, os-updates 2022-11-18 18:33:37 +01:00
			`Requirements`
			`------------`

update README for hardening-basic 2022-11-21 15:02:03 +01:00			`.`
init repo with: iptables, pihole, snort, yggdrasil, basic hardening, os-updates 2022-11-18 18:33:37 +01:00
			`Role Variables`
			`--------------`

updating some roles with README 2022-11-21 16:52:36 +01:00			`- hardening_sshd_enabled (boolean): Enable or disable ssh hardening`
			`- hardening_sshd_authorized_key_file (string): Set the relative path for sshd authorized_key_file`
			`- hardening_sshd_tcp_forward (boolean): Enable or disable sshd tcp forwarding`
			`- hardening_sshd_legal_banner (boolean): Enable or disable sshd legal banner (/etc/issue.net)`
			`- hardening_sshd_permissions_set_sticky_bit (boolean): Enable or disable the sticky bit for sshd directory and files (root)`
			`- hardening_sysctl_vm_swappiness (integer): Set the value for sysctl vm.swappiness`
			`- hardening_sysctl_disable_ipv6 (boolean): Enable or disable ipv6 though sysctl`
			`- hardening_modprobe_disable_list (dict): Array of sections. Each section contains an array of string: modules, protocols and so on that can be disabled through modprobe`
optimized hardening-basic role; add journalctl hardening 2022-11-22 11:42:08 +01:00			`- hardening_journald_system_max_use (string): Example 250M`
			`- hardening_journald_system_max_file_size (string): Example 50M`
init repo with: iptables, pihole, snort, yggdrasil, basic hardening, os-updates 2022-11-18 18:33:37 +01:00
			`Dependencies`
			`------------`

update README for hardening-basic 2022-11-21 15:02:03 +01:00			`.`
init repo with: iptables, pihole, snort, yggdrasil, basic hardening, os-updates 2022-11-18 18:33:37 +01:00
			`Example Playbook`
			`----------------`

update README for hardening-basic 2022-11-21 15:02:03 +01:00			`ansible-playbook -i inventory/example.yml handbook.yml --extra-vars="target=your_target" --tags hardening`
init repo with: iptables, pihole, snort, yggdrasil, basic hardening, os-updates 2022-11-18 18:33:37 +01:00
			`License`
			`-------`

update README for hardening-basic 2022-11-21 15:02:03 +01:00			`GPLv3`
init repo with: iptables, pihole, snort, yggdrasil, basic hardening, os-updates 2022-11-18 18:33:37 +01:00
			`Author Information`
			`------------------`

update README for hardening-basic 2022-11-21 15:02:03 +01:00			`- [Claudio Maradonna](https://social.unitoo.it/claudio)`