ansible-collection-hardening
algo
Our great sponsors
ansible-collection-hardening | algo | |
---|---|---|
25 | 155 | |
3,667 | 28,273 | |
1.9% | 0.5% | |
9.2 | 6.7 | |
3 days ago | 17 days ago | |
Jinja | Jinja | |
Apache License 2.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ansible-collection-hardening
-
Ask HN: What open-source projects are you currently contributing to and why?
An ansible collection for hardening Linux systems I mostly wrote: https://github.com/dev-sec/ansible-collection-hardening
Another ansible collection to manage Icinga: https://github.com/T-Systems-MMS/ansible-collection-icinga-d...
And the yunohost app for invoice ninja: https://github.com/YunoHost-Apps/invoiceninja5_ynh
-
Ansible - how widely used is it ?
i have some packer builds where itll install ansible, run playbooks locally, then uninstall ansible. such as the the devsec os hardening role: https://github.com/dev-sec/ansible-collection-hardening
- What hardening before forwarding services?
-
Security Harden Ubuntu 22.04
This collection is also interesting https://github.com/dev-sec/ansible-collection-hardening/
-
What you guys use for website protection? We use sentinel one but doesn't cover web related items
Second you want to ensure the os is secure and up to date. Take a look at os hardening best practices, for example this ansible playbook for linux: https://github.com/dev-sec/ansible-collection-hardening
- Ansible for automation/ hardening.
-
How do you document your (whole) setup ? Looking for ideas.
To ensure SSH and other security related things are configured correctly, you can take a look at DevSec which helps you to apply proven security configuration principles. Also there is guides like "Secure Secure Shell" which can help you to better understand what you can do to increase the security of your servers (this one is from 2015 but many aspects are still relevant).
-
Recommendations for advanced material (reading material, courses, etc) on server security?
I learned a lot by using and reading through the source code of these ansible roles: https://github.com/dev-sec/ansible-collection-hardening
-
Ask HN: How to secure Ubuntu VPS in 2022?
Have a look at https://github.com/dev-sec/ansible-collection-hardening
-
SSH Bastion host best practices: How to Build and Deploy a Security-Hardened SSH Bastion Host
You can do much more https://github.com/dev-sec/ansible-collection-hardening/tree/master/roles/ssh_hardening
algo
- Show HN: WireHole New UI Makes Managing WireGuard Clients Easy
-
Wireguard with Algo VPN on VPS with tunnel-all traffic
Since we're already presuming you have a functional PFSense box with Wireguard installed and a VPS stood up, now you need to get Algo installed on the VPS. I'm not going to write this part out in detail, but basically you need to follow the procedures here to get Algo installed. However, *before* running ./algo you probably want to edit some of the config.cfg settings. I disabled IPSec (which saves a bunch of package installs and prevents a bunch of failures I saw on some of my VPSs), set my reduce_mtu setting to 80 just to prevent any MTU issues down the line, turned off DNS encryption, and renamed my users to the servers in question (for example: pfsense, vps_server, etc)
-
Best Platform to run Stable Diffusion REMOTELY: Answers Needed
Check out the command line args for Auto1111, it talks about a gradio setup that can be accessed remotely. There's a time limit on gradio links though, I think. You could also set up a vpn that will allow you to access your PC remotely, then run A1111 with the --listen command and access it that way. I've done this with an Algo VPN on Azure and a Wireguard client for Windows for Android, but any VPN that lets you access your PC remotely would work.
-
School does not allow VPN
One way you could try to get around is building your own VPN service, like this: https://github.com/trailofbits/algo/blob/master/README.md
-
Internet Kill switch not working
Things I have tried so far: Clear network cache and reset adapters - IDK it fix aprevious problem I had https://github.com/trailofbits/algo/discussions/14504
- Any servers working in Russia left?
-
Ubuntu Port Forwarding on Oracle. Is it just broken??? HELP!
(I can simply install Algo and get the Wireguard tunnel working, easy peasy... But from there, I can never get Plex port 32400 open... so I'm just trying from scratch now...)
-
Wireguard docker container - route traffic to host
Maybe try running algo vpn (following the road-warrior setup) in a VM instead? It has very light requirements. https://github.com/trailofbits/algo/blob/master/docs/deploy-to-ubuntu.md
- Quick VPN Setup with AWS Lightsail and WireGuard
- Onlyfans'in Türkiye'de yasaklanması için CİMER'e şikayet kampanyası başlatıldı.
What are some alternatives?
debian-cis - PCI-DSS compliant Debian 10/11/12 hardening
streisand - Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
tailscale - The easiest, most secure way to use WireGuard and 2FA.
goss - Quick and Easy server testing/validation
outline-apps - Outline Client and Manager, developed by Jigsaw. Outline Manager makes it easy to create your own VPN server. Outline Client lets you share access to your VPN with anyone in your network, giving them access to the free and open internet.
RHEL7-CIS - Ansible role for Red Hat 7 CIS Baseline
Visual Studio Code - Visual Studio Code
ansible-collection-nginx - Ansible collection for NGINX
pivpn - The Simplest VPN installer, designed for Raspberry Pi
netboot.xyz - Your favorite operating systems in one place. A network-based bootable operating system installer based on iPXE.
Gravitational Teleport - Protect access to all of your infrastructure