rebase #19
1 changed files with 18 additions and 0 deletions
|
@ -12,6 +12,7 @@ packages:
|
|||
- curl
|
||||
- gnupg
|
||||
- lsb-release
|
||||
- fail2ban
|
||||
|
||||
write_files:
|
||||
- path: /etc/iptables/rules.v4
|
||||
|
@ -47,7 +48,24 @@ write_files:
|
|||
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp6-port-unreachable
|
||||
COMMIT
|
||||
|
||||
|
||||
runcmd:
|
||||
- 'iptables-restore < /etc/iptables/rules.v4'
|
||||
- 'ip6tables-restore < /etc/iptables/rules.v6'
|
||||
|
||||
- [systemctl, enable, --now, fail2ban]
|
||||
|
||||
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/ssh/etc/ssh/sshd_config, --output, /etc/ssh/sshd_config.d/99-hardening.conf]
|
||||
- [systemctl, restart, ssh]
|
||||
|
||||
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/modprobe/etc/modprobe.d/disable-network-filesystems.conf, --output, /etc/modprobe.d/disable-network-filesystems.conf]
|
||||
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/modprobe/etc/modprobe.d/disable-rare-filesystems.conf, --output, /etc/modprobe.d/disable-rare-filesystems.conf]
|
||||
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/modprobe/etc/modprobe.d/disable-rare-protocols.conf, --output, /etc/modprobe.d/disable-rare-protocols.conf]
|
||||
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/modprobe/etc/modprobe.d/disable-vivid.conf, --output, /etc/modprobe.d/disable-vivid.conf]
|
||||
|
||||
- [curl, https://gitea.it/Unitoo/dot-files/raw/branch/master/sysctl/etc/sysctl.conf, --output, /etc/sysctl.d/99-hardening.conf]
|
||||
- [sysctl, -p]
|
||||
|
||||
- [mkdir, -p, /usr/local/apt-keys]
|
||||
- [gpg, --fetch-keys, https://neilalexander.s3.dualstack.eu-west-2.amazonaws.com/deb/key.txt]
|
||||
- 'gpg --export 569130E8CA20FBC4CB3FDE555898470A764B32C9 | tee /usr/local/apt-keys/yggdrasil-keyring.gpg > /dev/null'
|
||||
|
|
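Review bot: The six `curl` entries in `runcmd` write whatever `branch/master` of the dot-files repository serves at boot time straight into `/etc/ssh/sshd_config.d`, `/etc/modprobe.d` and `/etc/sysctl.d`, with no pinned revision, no checksum and no `--fail`, so a changed or compromised upstream, or an HTTP error page, becomes root-owned system configuration. Pinning each URL to a reviewed commit and adding `--fail` would close that, e.g. `[curl, --fail, https://gitea.it/Unitoo/dot-files/raw/commit/<COMMIT_SHA>/ssh/etc/ssh/sshd_config, --output, /etc/ssh/sshd_config.d/99-hardening.conf]`. Replacing `[systemctl, restart, ssh]` with `'sshd -t && systemctl restart ssh'` would keep a bad download from taking SSH down. Separately, `[sysctl, -p]` reads only `/etc/sysctl.conf` by default, so the new `/etc/sysctl.d/99-hardening.conf` is probably not applied until reboot; `[sysctl, --system]` loads it. The added/context markers are lost in this rendering, so which of these lines are new is inferred from the 18-addition count.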