Setup Debian
Semi-automated steps to get a properly configured Debian install on AWS, Azure, Scaleway, etc.
Prerequisites
- An SSH account with root on the target.
- A way to connect to the instance: either user/pass, or the host's SSH key placed in authorized_keys on the target.
- Ansible with the DebOps scripts. This currently works properly only on Linux.
- A hostname pointing to the instance.
Steps
Create a host.yml file with contents:
all:
  hosts:
    <serverip>:
      ansible_domain: <servername>
      ansible_python_interpreter: /usr/bin/python3
      ansible_user: root
debops_all_hosts:
  hosts:
    <serverip>:
      ansible_domain: <servername>
      netbase__hostname: <servername>
      unattended_upgrades__mail_to: [example@example.com]
      unattended_upgrades__remove_unused: true
      tzdata__timezone: Europe/Paris
      docker_server__upstream: True
      ansible_python_interpreter: /usr/bin/python3
Run the playbooks below in order. If you need to use a user/pass, add --ask-pass to the ansible-playbook commands.
ansible-playbook -i host.yml ~/.ansible/collections/ansible_collections/debops/debops/playbooks/bootstrap.yml
ansible-playbook -i host.yml playbook.yml
ansible-playbook -i host.yml playbook_docker.yml  # only if you need Docker
ansible-playbook -i host.yml add_key.yml
Now check that you can connect over SSH with your own username (not root) and that you can run sudo.
Only after that check succeeds:
ansible-playbook -i host.yml disable_root.yml
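
The check around disable_root.yml, as an added example (not part of the original page or the project's playbooks): run it before to confirm the non-root user can log in and sudo, and after to confirm root is refused while you can still get in. It assumes key-based SSH, passwordless sudo, and that disable_root.yml blocks root SSH login; SSH_BIN and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not one of the project's playbooks.
# Assumptions: key-based SSH, passwordless sudo for the new user, and that
# disable_root.yml blocks root SSH login. SSH_BIN and the function names
# are hypothetical; SSH_BIN is overridable so the logic can run without a host.
SSH_BIN="${SSH_BIN:-ssh}"

# remote USER HOST CMD...: non-interactive SSH; BatchMode never prompts,
# so only key logins are tried (test a root password login by hand).
remote() {
    _user="$1"; _host="$2"; shift 2
    "$SSH_BIN" -o BatchMode=yes -o ConnectTimeout=10 "$_user@$_host" "$@"
}

# preflight USER HOST: run before disable_root.yml.
# Returns 1 if USER cannot log in, 2 if USER cannot become root via sudo.
preflight() {
    if ! remote "$1" "$2" true 2>/dev/null; then
        echo "FAIL: $1@$2 cannot log in with a key" >&2; return 1
    fi
    # sudo -n fails instead of prompting; id -u must print 0.
    _uid=$(remote "$1" "$2" sudo -n id -u 2>/dev/null) || _uid=""
    if [ "$_uid" != "0" ]; then
        echo "FAIL: $1 cannot sudo on $2, do not disable root yet" >&2; return 2
    fi
    echo "OK: $1@$2 can log in and sudo"
}

# root_disabled USER HOST: run after disable_root.yml.
# Checks USER first, so an unreachable host is not mistaken for "root refused".
# Returns 2 if USER is locked out, 1 if root can still log in.
root_disabled() {
    if ! remote "$1" "$2" true 2>/dev/null; then
        echo "FAIL: $1@$2 cannot log in, result not trustworthy" >&2; return 2
    fi
    if remote root "$2" true 2>/dev/null; then
        echo "FAIL: root can still log in to $2" >&2; return 1
    fi
    echo "OK: root login refused on $2"
}

# Usage: sh preflight.sh before|after USER HOST
case "${1:-}" in
    before) preflight "$2" "$3" ;;
    after)  root_disabled "$2" "$3" ;;
esac
```

Keep the existing root session open until the "after" check passes, so a failed check can still be repaired.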
Optional
Use the VPS-Harden script.
git clone https://github.com/akcryptoguy/vps-harden.git
cd vps-harden
sudo bash get-hard.sh