Alan Orth
10cbf75c27
An attack on Triple DES was recently published[0]. It's not a very high severity attack but the fact is that Triple DES is very old and there are much better ciphers to use, like AES and ChaCha20. I logged the ciphers that were negotiated on all of my vhosts over a period of 72 hours and there were zero occurences of Triple DES, so I am removing it, as suggested by the authors of the attack as well as OpenSSL[1]. [0] https://sweet32.info [1] https://www.openssl.org/blog/blog/2016/08/24/sweet32/ |
||
---|---|---|
group_vars | ||
host_vars | ||
misc-plays | ||
roles | ||
vars | ||
.gitignore | ||
ansible.cfg | ||
LICENSE | ||
README.md | ||
site.yml | ||
web.yml |
Ansible Playbook
Ansible playbook for base and initial configuration of the web server hosting my personal websites. After successful execution of this playbook, however, there is still some manual work to import databases, copy site content, etc.
Assumptions
Before you can run this, a few things are assumed:
- You have a clean, minimal Debian 8 / Ubuntu 16.04 host up and running
- You have a user account with password-less SSH access to the machine
- You have sudo privileges on the remote host
- You have created a
hosts
file with something like:
[web]
web01
Use
Once you've satisfied the the above assumptions, you can execute:
$ ansible-playbook web.yml -i hosts --ask-become-pass
License
Copyright (C) 2014 - 2016 Alan Orth
The contents of this repository are free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.