|
|
@@ -39,6 +39,7 @@ What do you get if you point this thing at a VPS? All kinds of good stuff!
|
|
39
|
39
|
* Web hosting (ex: for your blog) via "Apache":https://www.apache.org/.
|
|
40
|
40
|
* Firewall management via "ferm":http://ferm.foo-projects.org/.
|
|
41
|
41
|
* Intrusion prevention via "fail2ban":http://www.fail2ban.org/ and rootkit detection via "rkhunter":http://rkhunter.sourceforge.net.
|
|
|
42
|
+* SSH configuration preventing root login and insecure password authentication
|
|
42
|
43
|
* Nightly backups to "Tarsnap":https://www.tarsnap.com/.
|
|
43
|
44
|
* A bunch of nice-to-have tools like "mosh":http://mosh.mit.edu and "htop":http://htop.sourceforge.net that make life with a server a little easier.
|
|
44
|
45
|
|
|
|
@@ -65,7 +66,6 @@ This does a lot for you automatically but there's still some stuff you have to d
|
|
65
|
66
|
# Put your SSL certificate's components in the respective files that start with @wildcard_ca@ in @roles/common/files@, and a combined version in @roles/ircbouncer/files/etc_ssl_znc-combined.pem@.
|
|
66
|
67
|
# Set up SPF and reverse DNS "as per the inspirational post":http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/. Make sure to validate that it's all working, for example by sending an email to <a href="mailto:check-auth@verifier.port25.com">check-auth@verifier.port25.com</a> and reviewing the report that will be emailed back to you.
|
|
67
|
68
|
# Sign in to the ZNC web interface and set things up to your liking.
|
|
68
|
|
-# You should probably disable remote root login and password-based logins in @/etc/ssh/sshd_config@ but that's up to you.
|
|
69
|
69
|
|
|
70
|
70
|
Now, the time-consuming part: grep through the files for the string @TODO@ and replace as necessary. You'll probably want to check out all the files in the respective @vars/@ sub-directories in each playbook directory.
|
|
71
|
71
|
|
Luke Cyca
11 years ago