alanorth
/
ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
645 Commits 2 Branches 0 Tags 4.5 MiB
Commit Graph

17 Commits

Author SHA1 Message Date
Alan Orth c2a92269e4
roles/common: Add ipsets of abusive IPs to firewalld 
This uses the ipsets feature of the Linux kernel to create lists of
IPs (though could be MACs, IP:port, etc) that we can block via the
existing firewalld zone we are already using. In my testing it works
on CentOS 7, Ubuntu 16.04, and Ubuntu 18.04.

The list of abusive IPs currently comes from HPC's systemd journal,
where I filtered for hosts that had attempted and failed to log in
over 100 times. The list is formatted with tidy, for example:

    $ tidy -xml -iq -m -w 0 roles/common/files/abusers-ipv4.xml

See: https://firewalld.org/2015/12/ipset-support
 2019-10-05 12:28:30 +03:00
Alan Orth 7d8457e5b3
roles/common: Remove old SSH public key 2019-07-23 16:07:39 +03:00
Alan Orth 49cfbc4c47
roles/common: Add missing systemd-journald config 
I apparently forgot to add this when I committed the systemd-journald
changes a few weeks ago.
 2018-12-20 09:59:13 +02:00
Alan Orth f22b6af273
roles/common: Change mode of SSH public key 2018-05-30 08:32:11 -07:00
Alan Orth 37a88f676b
roles/common: Add new SSH public key for aorth 2018-05-30 07:48:38 -07:00
Alan Orth 131420be17
roles/common: Add task to copy tarsnaprc 
One less thing to do manually after server provisioning, and there is
nothing sensitive in here anyways.
 2018-05-20 12:51:02 +03:00
Alan Orth ad232a7a8b
roles/common: Remove old SSH key 2016-04-22 11:24:35 +03:00
Alan Orth 7f929d5b80
roles/common: Remove unused cron-apt files 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-22 23:42:03 +03:00
Alan Orth fc586a2297
roles/common: Adjust cron-apt stuff 
- Don't run the static files as templates
- Use a separate playbook for related tasks
- Use a template for security.sources.list

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-08-22 23:39:22 +03:00
Alan Orth 0d2763fb59
roles/common: Remove ECDSA SSH public key for aorth@noma 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-01-12 18:19:49 +03:00
Alan Orth d7dd81bc84
roles/common: Add ED25519 SSH public key for aorth@noma 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-01-12 18:19:21 +03:00
Alan Orth 3b6c9745ab
roles/common: Add provisioning user to sudoers 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-01-05 08:24:13 +03:00
Alan Orth c3f5e27642
roles/common: Add ECDSA public key for noma 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-12 13:25:48 +03:00
Alan Orth a265e48a9f
roles/common: Remove RSA public key 
Both client and server support ed25519, so there's no need to even
have the RSA key here.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-12 13:23:01 +03:00
Alan Orth 1ee7b385bf
roles/common: Rename SSH keys 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-11 13:19:32 +03:00
Alan Orth 1e2193efc9
roles/common: Add functionality to copy user keys to provisioning user 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-11 12:13:45 +03:00
Alan Orth 60b8ecdd4c
Initial commit 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-08-17 00:35:57 +03:00