Skip to content

Adsizzlerlabs/initial-server-setup-centos-7

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Ansible Playbook for Initial Server Setup with Centos 7

An Ansible playbook which runs a series of configuration steps to increase the security and usability of a new Centos 7 server, in order to provide a solid foundation for subsequent actions.

It borrows heavily from the work of: Bryan Kennedy, Ryan Eschinger,

It will perform the following:

  • Create a new "super user" with root privileges and public key authentication
  • Implement several SSH hardening techniques
  • Configure a basic and rich firewall
  • Configure the timezone and enable time synchronization
  • Modify the hostname and hosts file
  • Enable unattended upgrades
  • Install Fail2Ban

Optional extras:

  • Install New Relic Server monitoring
  • Install customised shell with Zsh and oh-my-zsh

Requirements

  • Ansible installed locally on your machine
  • Root SSH access to a new Centos 7 VPS

Configuration

Clone the repo

$ git clone https://github.com/Adsizzlerlabs/initial-server-setup-centos-7.git

Modify the variables in vars/main.yml according to your needs:

user: the username for your new "super user"

password: a hashed sudo password

public_key: the local path to your public SSH key

fqdn: your chosen FQDN

hostname: your chosen hostname

timezone: the most appropriate timezone for your server

ssh_port: your chosen SSH port

enable_newrelic: change to no to disable installation of New Relic Server monitor, which requires a New Relic license key

newrelic_license_key: your New Relic license key

enable_custom_shell: change to no to disable installation of customised shell with Zsh and oh-my-zsh

Testing

A Vagrantfile is provided which allows the playbook to be tested locally.

You will need Vagrant and Virtualbox installed, and you should uncomment the following lines in ansible.cfg to makes things work nicely.

# private_key_file = ~/.vagrant.d/insecure_private_key
# host_key_checking = False

Then run $ vagrant up to generate your virtual machine.

And then run the playbook:

$ ansible-playbook test_server_setup.yml

Production

Add your server's IP address to the hosts file

[production]
# e.g 192.168.1.1
# or host.example.com

Then run the playbook:

$ ansible-playbook initial_server_setup.yml --ask-pass

This repository inspired by https://github.com/lukeharvey/ansible-initial-server-setup

Releases

No releases published

Packages

No packages published