This is an Ansible playbook which provisions an Ubuntu 18.04 server with a hardened configuration intended for exposure to the internet.
- Ubuntu 18.04 server

One privileged user account with a configurable username (`user_username`) will be
created. It has passwordless sudo access and requires an SSH key for connecting.
All password logins are disabled and a firewall is set up which allows incoming
traffic only to port 22.

- Copy `hosts.template` as `hosts` and fill in the correct IP address of the server
- Copy `group_vars/vars.template` as `group_vars/vars` and fill in the values
- For the first run, change `remote_user` to `root` in `playbook.yml`. Afterwards revert back to `{{ user_username }}`
- Install Ansible on some computer. Execute `ansible-playbook -i hosts -v playbook.yml --ask-pass`. On subsequent runs drop the `--ask-pass` and make sure ssh-agent is set up correctly for key authentication.
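
To confirm after a run that password logins really are disabled, the effective sshd settings can be audited. The script below is an added example, not part of this playbook; the function name `check_sshd_hardening` and the sample input are made up for illustration, and it covers only the SSH claims above, not the firewall.

```shell
# Added example, not part of the playbook. check_sshd_hardening reads
# `sshd -T` style lines ("keyword value") on stdin, prints one FAIL line
# per finding, and returns 1 if a password-based login may still work.
check_sshd_hardening() {
    awk '
        BEGIN {
            # Effective values required for key-only logins.
            want["passwordauthentication"] = "no"
            want["permitemptypasswords"]   = "no"
            want["pubkeyauthentication"]   = "yes"
            # Keyboard-interactive can still prompt for a password via PAM.
            # Older OpenSSH names it challengeresponseauthentication.
            kbd["challengeresponseauthentication"] = 1
            kbd["kbdinteractiveauthentication"]    = 1
        }
        {
            key = tolower($1); val = tolower($2)
            if (key in want) {
                seen[key] = 1
                if (val != want[key]) {
                    printf "FAIL %s is %s, expected %s\n", key, val, want[key]
                    bad = 1
                }
            }
            if (key in kbd) {
                kbd_seen = 1
                if (val != "no") {
                    printf "FAIL %s is %s, expected no\n", key, val
                    bad = 1
                }
            }
        }
        END {
            for (k in want) if (!(k in seen)) {
                printf "FAIL %s missing from input\n", k
                bad = 1
            }
            if (!kbd_seen) { print "FAIL keyboard-interactive setting missing"; bad = 1 }
            exit bad + 0
        }
    '
}
# Constructed sample of hardened settings (not output captured from a server).
SAMPLE_HARDENED='passwordauthentication no
permitemptypasswords no
pubkeyauthentication yes
challengeresponseauthentication no'
printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_hardening && echo "sample: key-only"
```

On the provisioned server, feed it the live configuration with `sudo sshd -T | check_sshd_hardening`.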