basic-hardening
Example:
```yaml
# Install and enable firewall & fail2ban on a new server.
- basic-hardening:
    ufw: true
    ufw_open_tcp:
      - 80
      - 443
    fail2ban: true
```
Description
Variables
Name | Type | Default | Description |
---|---|---|---|
fail2ban | boolean | True | Whether to install and enable fail2ban. |
ufw | boolean | True | Whether to install and enable the ufw firewall. |
ufw_open_tcp | list | -- | A list of tcp ports to open (if ufw enabled). |
ufw_open_udp | list | -- | A list of udp ports to open (if ufw enabled). |
Examples
Example 1
Install and enable firewall & fail2ban on a new server.
Code
```yaml
- basic-hardening:
    ufw: true
    ufw_open_tcp:
      - 80
      - 443
    fail2ban: true
```
Description
SSH port '22' will be enabled by default.
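An added example (not part of the frecklet or its Ansible role): a post-run check that derives the rules the Example 1 vars should leave open, including the default SSH port 22, and compares them with `ufw status` text. The function names and the sample output are constructed for illustration, and how the role labels its SSH rule in `ufw status` is an assumption.

```python
import re

SSH_PORT = 22  # the page states that SSH port 22 is enabled by default

# Constructed sample of `ufw status` output (not captured from a real host).
SAMPLE_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
"""

# Matches numeric rules such as "80/tcp  ALLOW" or "22 (v6)  LIMIT".
RULE = re.compile(r"^(\d+)(?:/(tcp|udp))?\s+(?:\(v6\)\s+)?(?:ALLOW|LIMIT)\b")


def expected_rules(frecklet_vars):
    """Return the (port, proto) set the frecklet vars should leave open."""
    if not frecklet_vars.get("ufw", True):   # default True per the Variables table
        return set()                         # port lists only apply if ufw is enabled
    rules = {(SSH_PORT, "tcp")}
    for proto in ("tcp", "udp"):
        for port in frecklet_vars.get("ufw_open_" + proto) or []:
            if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
                raise ValueError(f"invalid {proto} port: {port!r}")
            rules.add((port, proto))
    return rules


def audit(frecklet_vars, status_text):
    """Compare the expected rules with rules parsed from `ufw status` text."""
    lines = status_text.splitlines()
    active = bool(lines) and lines[0].strip() == "Status: active"
    found = set()
    for line in lines:
        m = RULE.match(line.strip())
        if m:  # a rule without a protocol suffix covers both tcp and udp
            protos = [m.group(2)] if m.group(2) else ["tcp", "udp"]
            found.update((int(m.group(1)), p) for p in protos)
    want = expected_rules(frecklet_vars)
    return {"active": active, "missing": sorted(want - found), "unexpected": sorted(found - want)}
```

On a real host, pass the text of `ufw status` as `status_text`; a non-empty `unexpected` list points at ports opened outside the frecklet's vars.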
Code
```yaml
doc:
  short_help: Basic security set-up for a newly installed server.
  help: |
    This frecklet can be used to harden a freshly installed server. It installs and configures the [fail2ban](https://www.fail2ban.org)
    and [ufw](http://gufw.org/) packages.
  examples:
  - title: Install and enable firewall & fail2ban on a new server.
    desc: |
      Ssh port '22' will be enabled by default.
    vars:
      ufw: true
      ufw_open_tcp:
      - 80
      - 443
      fail2ban: true
args:
  ufw:
    doc:
      short_help: Whether to install and enable the ufw firewall.
    type: boolean
    default: true
    required: false
    cli:
      param_decls:
      - --ufw/--no-ufw
  ufw_open_tcp:
    doc:
      short_help: A list of tcp ports to open (if ufw enabled).
    type: list
    schema:
      type: integer
    required: false
    cli:
      metavar: PORT
  ufw_open_udp:
    doc:
      short_help: A list of udp ports to open (if ufw enabled).
    type: list
    schema:
      type: integer
    required: false
    cli:
      metavar: PORT
  fail2ban:
    doc:
      short_help: Whether to install and enable fail2ban.
    default: true
    type: boolean
    required: false
    cli:
      param_decls:
      - --fail2ban/--no-fail2ban
meta:
  tags:
  - featured-frecklecutable
  - hardening
  - security
  - firewall
  - fail2ban
  - ufw
frecklets:
- frecklet:
    name: freckfrackery.basic-security
    type: ansible-role
    resources:
      ansible-role:
      - freckfrackery.basic-security
    desc:
      short: initial server security setup
      references:
        "'freckfrackery.basic-security' Ansible role": https://gitlab.com/freckfrackery/freckfrackery.basic-security
    properties:
      idempotent: true
      elevated: true
      internet: '{{:: ufw or fail2ban ::}}'
  task:
    become: true
  vars:
    basic_security_enable_ufw: '{{:: ufw ::}}'
    basic_security_tcp_ports: '{{:: ufw_open_tcp ::}}'
    basic_security_udp_ports: '{{:: ufw_open_udp ::}}'
    basic_security_enable_fail2ban: '{{:: fail2ban ::}}'
```
```
frecklecute basic-hardening --help

Usage: frecklecute basic-hardening [OPTIONS]

  This frecklet can be used to harden a freshly installed server. It installs
  and configures the [fail2ban](https://www.fail2ban.org) and
  [ufw](http://gufw.org/) packages.

Options:
  --fail2ban / --no-fail2ban  Whether to install and enable fail2ban.
  --ufw / --no-ufw            Whether to install and enable the ufw firewall.
  --ufw-open-tcp PORT         A list of tcp ports to open (if ufw enabled).
  --ufw-open-udp PORT         A list of udp ports to open (if ufw enabled).
  --help                      Show this message and exit.
```
```python
# -*- coding: utf-8 -*-

#
# module path: pycklets.basic_hardening.BasicHardening
#

from dataclasses import dataclass
from pyckles import AutoPycklet
from typing import *  # noqa


@dataclass
class BasicHardening(AutoPycklet):
    """This frecklet can be used to harden a freshly installed server. It installs and configures the [fail2ban](https://www.fail2ban.org)
    and [ufw](http://gufw.org/) packages.

    Args:
      fail2ban: Whether to install and enable fail2ban.
      ufw: Whether to install and enable the ufw firewall.
      ufw_open_tcp: A list of tcp ports to open (if ufw enabled).
      ufw_open_udp: A list of udp ports to open (if ufw enabled).

    """

    FRECKLET_ID = "basic-hardening"

    fail2ban: bool = None
    ufw: bool = None
    ufw_open_tcp: List = None
    ufw_open_udp: List = None

    def __post_init__(self):
        super(BasicHardening, self).__init__(var_names=["fail2ban", "ufw", "ufw_open_tcp", "ufw_open_udp"])


frecklet_class = BasicHardening
```
```python
# -*- coding: utf-8 -*-

#
# module path: pycklets.basic_hardening.BasicHardening
#

from pyckles import AutoPycklet


class BasicHardening(AutoPycklet):
    """This frecklet can be used to harden a freshly installed server. It installs and configures the [fail2ban](https://www.fail2ban.org)
    and [ufw](http://gufw.org/) packages.

    Args:
      fail2ban: Whether to install and enable fail2ban.
      ufw: Whether to install and enable the ufw firewall.
      ufw_open_tcp: A list of tcp ports to open (if ufw enabled).
      ufw_open_udp: A list of udp ports to open (if ufw enabled).

    """

    FRECKLET_ID = "basic-hardening"

    def __init__(self, fail2ban=True, ufw=True, ufw_open_tcp=None, ufw_open_udp=None):
        super(BasicHardening, self).__init__(var_names=["fail2ban", "ufw", "ufw_open_tcp", "ufw_open_udp"])
        self._fail2ban = fail2ban
        self._ufw = ufw
        self._ufw_open_tcp = ufw_open_tcp
        self._ufw_open_udp = ufw_open_udp

    @property
    def fail2ban(self):
        return self._fail2ban

    @fail2ban.setter
    def fail2ban(self, fail2ban):
        self._fail2ban = fail2ban

    @property
    def ufw(self):
        return self._ufw

    @ufw.setter
    def ufw(self, ufw):
        self._ufw = ufw

    @property
    def ufw_open_tcp(self):
        return self._ufw_open_tcp

    @ufw_open_tcp.setter
    def ufw_open_tcp(self, ufw_open_tcp):
        self._ufw_open_tcp = ufw_open_tcp

    @property
    def ufw_open_udp(self):
        return self._ufw_open_udp

    @ufw_open_udp.setter
    def ufw_open_udp(self, ufw_open_udp):
        self._ufw_open_udp = ufw_open_udp


frecklet_class = BasicHardening
```