I decided to convert the Ansible code to Bash for simplicity.
Ansible role to harden Debian systems.
This role has been tested with Debian 12 (bookworm).
Warning: this is only a partial hardening and it should only serve as inspiration to make your own real hardening based on your specific environment.
- Install this role using the
ansible-galaxyCLI tool - You can then include it into the
taskssection of your Ansible Playbook. Seetest/playbook.ymlfor an example of how to do that. Remember to replace the role name withdmotte.hardening.
Note: this role must be run as root (
ansible_become: true).
See defaults/main.yml.
If you want to contribute to this project, you can use the test/playbook.yml file to test the role while editing it.
Place your inventory file (e.g. hosts.yml) inside the test folder.
Edit the vars section of the test/playbook.yml file to match your scenario.
You can then execute the playbook against your host:
cd test/
ansible-playbook -i hosts.yml playbook.yml