basic-hardening

Example:

# Install and enable firewall & fail2ban on a new server.
- basic-hardening:
    ufw: true
    ufw_open_tcp:
    - 80
    - 443
    fail2ban: true

Description

This frecklet can be used to harden a freshly installed server. It installs and configures the fail2ban and ufw packages.

Variables

Name Type Default Description

fail2ban

boolean True

Whether to install and enable fail2ban.

ufw

boolean True

Whether to install and enable the ufw firewall.

ufw_open_tcp

list --

A list of tcp ports to open (if ufw enabled).

ufw_open_udp

list --

A list of udp ports to open (if ufw enabled).

Examples

Example 1

Install and enable firewall & fail2ban on a new server.

Code
- basic-hardening:
    ufw: true
    ufw_open_tcp:
    - 80
    - 443
    fail2ban: true
Description

Ssh port '22' will be enabled by default.

Command-line

frecklecute basic-hardening --help

Usage: frecklecute basic-hardening [OPTIONS]

  This frecklet can be used to harden a freshly installed server. It
  installs and configures the [fail2ban](https://www.fail2ban.org) and
  [ufw](http://gufw.org/) packages.

Options:
  --fail2ban / --no-fail2ban  Whether to install and enable fail2ban.
  --ufw / --no-ufw            Whether to install and enable the ufw firewall.
  --ufw-open-tcp PORT         A list of tcp ports to open (if ufw enabled).
  --ufw-open-udp PORT         A list of udp ports to open (if ufw enabled).
  --help                      Show this message and exit.