Alan Orth
c2a92269e4
roles/common: Add ipsets of abusive IPs to firewalld
This uses the ipsets feature of the Linux kernel to create lists of
IPs (though they could be MACs, IP:port, etc.) that we can block via the
existing firewalld zone we are already using. In my testing it works
on CentOS 7, Ubuntu 16.04, and Ubuntu 18.04.
The list of abusive IPs currently comes from HPC's systemd journal,
where I filtered for hosts that had attempted and failed to log in
over 100 times. The list is formatted with tidy, for example:
$ tidy -xml -iq -m -w 0 roles/common/files/abusers-ipv4.xml
See: https://firewalld.org/2015/12/ipset-support
2019-10-05 12:28:30 +03:00
Alan Orth
7d8457e5b3
roles/common: Remove old SSH public key
2019-07-23 16:07:39 +03:00
Alan Orth
49cfbc4c47
roles/common: Add missing systemd-journald config
I apparently forgot to add this when I committed the systemd-journald
changes a few weeks ago.
2018-12-20 09:59:13 +02:00
Alan Orth
f22b6af273
roles/common: Change mode of SSH public key
2018-05-30 08:32:11 -07:00
Alan Orth
37a88f676b
roles/common: Add new SSH public key for aorth
2018-05-30 07:48:38 -07:00
Alan Orth
131420be17
roles/common: Add task to copy tarsnaprc
One less thing to do manually after server provisioning, and there is
nothing sensitive in here anyways.
2018-05-20 12:51:02 +03:00
Alan Orth
ad232a7a8b
roles/common: Remove old SSH key
2016-04-22 11:24:35 +03:00
Alan Orth
7f929d5b80
roles/common: Remove unused cron-apt files
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-22 23:42:03 +03:00
Alan Orth
fc586a2297
roles/common: Adjust cron-apt stuff
- Don't run the static files as templates
- Use a separate playbook for related tasks
- Use a template for security.sources.list
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-08-22 23:39:22 +03:00
Alan Orth
0d2763fb59
roles/common: Remove ECDSA SSH public key for aorth@noma
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-12 18:19:49 +03:00
Alan Orth
d7dd81bc84
roles/common: Add ED25519 SSH public key for aorth@noma
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-12 18:19:21 +03:00
Alan Orth
3b6c9745ab
roles/common: Add provisioning user to sudoers
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-01-05 08:24:13 +03:00
Alan Orth
c3f5e27642
roles/common: Add ECDSA public key for noma
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-12 13:25:48 +03:00
Alan Orth
a265e48a9f
roles/common: Remove RSA public key
Both client and server support ed25519, so there's no need to even
have the RSA key here.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-12 13:23:01 +03:00
Alan Orth
1ee7b385bf
roles/common: Rename SSH keys
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-11 13:19:32 +03:00
Alan Orth
1e2193efc9
roles/common: Add functionality to copy user keys to provisioning user
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-10-11 12:13:45 +03:00
Alan Orth
60b8ecdd4c
Initial commit
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-08-17 00:35:57 +03:00