Initial setup of Debian 10 server.
First role (sudo_user)
- System update
- Check if reboot is required
- Create a sudo admin user, add its SSH public key and set no password in the sudoers file
Second role (bootstrap)
- Set timezone
- Install tcpdump
- SSH hardening (custom port, disable IPv6 port, disable root login, disable password login and disable empty-password login)
Debian 10 server (ver. 10)
a) Cloud Platform account
b) A VPS server with Debian 10 already installed
c) An SSH key pair
a) On your laptop create a working directory
b) In your working directory open a console window
c) Clone the GitHub repository
git clone https://github.com/jobetinfosec/ansible-debian10-bootstrap.git
d) Switch to first role directory
cd ansible-debian10-bootstrap/sudo_user
e) Open the hosts file
nano hosts
f) Replace <TEMPORARY_ITEMS> with your own data:
<SERVER_IP>
replace <SERVER_IP> with the actual IP address of your remote server
<PRIVATE_KEY_NAME>
replace it with your private key's name
then save and close the file
g) Open the defaults main.yml file
nano roles/basic/defaults/main.yml
h) Replace <TEMPORARY_ITEMS> with your own data:
<USER_NAME>
replace <USER_NAME> with the name of sudo user
<PASSWORD_HASH>
replace it with the hash of sudo user's password (to create a password hash use mkpasswd --method=sha-512 command. If mkpasswd is not installed, install it with apt-get install whois)
<PUBLIC_KEY_NAME>
replace it with your public key's name
then save and close the file
i) Check if you are able to ping remote server
ansible -m ping all
You should receive a SUCCESS message
j) Check if any error shows up
ansible-playbook sudo_user.yml --check
k) Launch installation
ansible-playbook sudo_user.yml
l) Switch to the second role directory (the path below is relative to your working directory)
cd ansible-debian10-bootstrap/bootstrap
m) Open the hosts file
nano hosts
n) Replace <TEMPORARY_ITEMS> with your own data:
<SERVER_IP>
replace <SERVER_IP> with the actual IP address of your remote server
<USER_NAME>
replace it with sudo user name
<SUDO_USER_PASSWORD>
replace it with sudo user password
then save and close the file
o) Open the defaults main.yml file
nano roles/basic/defaults/main.yml
p) Replace <TEMPORARY_ITEMS> with your own data:
<USER_NAME>
replace <USER_NAME> with the name of sudo user
<PASSWORD_HASH>
replace it with the hash of sudo user's password (already created during first role "sudo_user")
<PUBLIC_KEY_NAME>
replace it with your public key's name
<CUSTOM_SSH_PORT>
replace it with your custom ssh port
then save and close the file
q) Check if you are able to ping remote server with sudo user's name
ansible -u <SUDO_USER_NAME> -m ping all
You should receive a SUCCESS message
r) Check if any error shows up
ansible-playbook debian_bootstrap.yml --check
s) Launch installation
ansible-playbook debian_bootstrap.yml
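To confirm that the SSH hardening listed for the bootstrap role is in effect, you can check sshd's effective settings after the run. The script below is an added example, not part of this repository; the function name audit_sshd is hypothetical, and mapping "disable IPv6 port" to the OpenSSH setting addressfamily inet is an assumption about how the role implements it.

```shell
#!/usr/bin/env bash
# Added example: audit effective sshd settings against the hardening list
# of the bootstrap role (custom port, no root login, no password login,
# no empty-password login, IPv4 only).
#
# Input on stdin: `sshd -T`-style lines ("keyword value", lowercase keywords).
# $1: the custom SSH port you configured (<CUSTOM_SSH_PORT>).
# Returns the number of failed checks (0 = all hardening settings present).
# Usage on the server: sudo sshd -T | audit_sshd 2222
audit_sshd() {
    local want_port="$1" cfg failures=0 key want got
    cfg="$(cat)"

    # addressfamily=inet is an ASSUMPTION about how the role disables the
    # IPv6 port; adjust this line if the role restricts ListenAddress instead.
    while IFS='=' read -r key want; do
        # Collect every value for the keyword, so that a leftover second
        # "port" line (e.g. 22 still open) is reported as a failure.
        got="$(printf '%s\n' "$cfg" | awk -v k="$key" \
            'tolower($1) == k { v = v (v ? "," : "") tolower($2) } END { print v }')"
        if [ "$got" = "$want" ]; then
            echo "PASS $key=$got"
        else
            echo "FAIL $key: expected '$want', got '${got:-<unset>}'"
            failures=$((failures + 1))
        fi
    done <<EOF
port=${want_port}
permitrootlogin=no
passwordauthentication=no
permitemptypasswords=no
addressfamily=inet
EOF
    return "$failures"
}
```

Run it from a second terminal while your current SSH session is still open, so a failed check can be fixed before you log out.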
MIT licence
Created by Roberto Jobet ([email protected]).
Don't hesitate to open an Issue if you find any bug or have suggestions.