-
ansible-anu
ANU is an automated and simple way to securely provision a A New Ubuntu machine using Ansible.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
https://github.com/uxtely/ops-utils/tree/main/location-serve...
- Networking (Firewall, Jails/Containers)
I prefer to run Ubuntu machines and at least in terms of provisioning a new secure server I built an Ansible playbook I called 'ANU' (as in A New Ubuntu). I'd expand to other distros, but then I'd have to change the name!
https://github.com/MitchellCash/ansible-anu
It is based on the DevSec OS/SSH hardening playbooks, but I lean closer towards ease-of-use over security where I think it makes sense. For example, I disable forced password rotation and I keep the default umask value of '022' instead of the more secure '027'.
When I come across something the upstream playbooks change that "gets in my way", I will disable it if the security trade off makes sense for me. I'm not running highly sensitive systems, so these trade-offs make sense for me, and maybe they will for you as well!
In terms of ongoing security upkeep, I run the usual `apt update && apt dist-upgrade` when I can, but I’ll be keeping my eye on this thread for additional advice.
I’m building a product that tries to make this easy at https://pibox.io - but “secure” is a vague and tall goal post - although we cover things like service updates, firewalls, and abuse monitoring. Planning on a proper HN launch post soon!