added ssh playbook

2025-10-06 22:02:48 +00:00 · 2025-01-11 19:02:56 -08:00
parent 7fba9be8a9
commit f1e5b16093
5 changed files with 32 additions and 180 deletions
--- a/ansible/ssh-hardening.yml
+++ b/ansible/ssh-hardening.yml
@@ -0,0 +1,32 @@
+- hosts: all
+  remote_user: root
+  tasks:
+
+  - name: Install fail2ban
+    ansible.builtin.apt:
+      pkg:
+      - fail2ban
+      state: latest
+      update_cache: yes
+
+  - name: Download and install fail2ban
+    ansible.builtin.shell:
+      cmd: cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
+      cmd: systemctl enable fail2ban
+      cmd: systemctl start fail2ban  
+
+  - name: Replace PermitRootLogin 
+    ansible.builtin.replace:
+      path: /etc/ssh/sshd_config
+      regexp: PermitRootLogin yes
+      replace: PermitRootLogin prohibit-password
+
+  - name: Replace PasswordAuthentication
+    ansible.builtin.replace:
+      path: /etc/ssh/sshd_config
+      regexp: PasswordAuthentication yes
+      replace: PasswordAuthentication no    
+
+  - name: Restart SSH
+    ansible.builtin.shell:
+      cmd: systemctl restart ssh