ansible-collection-hardening
netboot.xyz
ansible-collection-hardening | netboot.xyz | |
---|---|---|
25 | 104 | |
3,704 | 8,119 | |
1.9% | 6.0% | |
9.1 | 9.9 | |
14 days ago | 1 day ago | |
Jinja | Jinja | |
Apache License 2.0 | Apache-2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ansible-collection-hardening
-
Ask HN: What open-source projects are you currently contributing to and why?
An ansible collection for hardening Linux systems I mostly wrote: https://github.com/dev-sec/ansible-collection-hardening
Another ansible collection to manage Icinga: https://github.com/T-Systems-MMS/ansible-collection-icinga-d...
And the yunohost app for invoice ninja: https://github.com/YunoHost-Apps/invoiceninja5_ynh
-
Ansible - how widely used is it ?
i have some packer builds where itll install ansible, run playbooks locally, then uninstall ansible. such as the the devsec os hardening role: https://github.com/dev-sec/ansible-collection-hardening
- What hardening before forwarding services?
-
Security Harden Ubuntu 22.04
This collection is also interesting https://github.com/dev-sec/ansible-collection-hardening/
-
What you guys use for website protection? We use sentinel one but doesn't cover web related items
Second you want to ensure the os is secure and up to date. Take a look at os hardening best practices, for example this ansible playbook for linux: https://github.com/dev-sec/ansible-collection-hardening
- Ansible for automation/ hardening.
-
How do you document your (whole) setup ? Looking for ideas.
To ensure SSH and other security related things are configured correctly, you can take a look at DevSec which helps you to apply proven security configuration principles. Also there is guides like "Secure Secure Shell" which can help you to better understand what you can do to increase the security of your servers (this one is from 2015 but many aspects are still relevant).
-
Recommendations for advanced material (reading material, courses, etc) on server security?
I learned a lot by using and reading through the source code of these ansible roles: https://github.com/dev-sec/ansible-collection-hardening
-
Ask HN: How to secure Ubuntu VPS in 2022?
Have a look at https://github.com/dev-sec/ansible-collection-hardening
-
SSH Bastion host best practices: How to Build and Deploy a Security-Hardened SSH Bastion Host
You can do much more https://github.com/dev-sec/ansible-collection-hardening/tree/master/roles/ssh_hardening
netboot.xyz
-
Ubuntu Desktop 24.04 LTS: Noble Numbat
I learned about https://netboot.xyz/ the other day. Worked fantastic when I didn't have a big enough thumb drive. Not exactly the same though.
- Show HN: Netboot.xyz, Pxe Netboot Manager
-
Show HN: 3 years and 1M users later, I just open-sourced my "Internet OS"
I replied to a reply of yours with this same info, but since you’re both sorta asking the same thing, I’ll post it here for you also.
https://netboot.xyz/
https://github.com/netbootxyz/netboot.xyz
-
Ventoy
Knew about http://netboot.xyz, but had no idea iVentoy existed. Good to know.
-
problems with connection
Set the computer to PXE boot, or use a boot image with iPXE (such as netboot.xyz). That would quickly rule out a problem with Debian or the Linux kernel (at least until you download and boot one). I don't know anything about your network setup, but making sure DHCP is enabled on your router and there are enough unreserved IP addresses would probably help.
-
Fedora CoreOS for container hosting; is butane/ignition worth the effort?
Hey thanks for the detailed response. You're saying you boot FCOS on bare metal over PXE, correct? I've thought about trying that approach, but have little experience with PXE and TFTP. I just checked out netboot.xyz and it looks surprisingly easy to get going. Last time I played around with PXE I used Synology's TFTP server and, while I got it working, I was more confused by the end than when I started. I think actually learning PXE end-to-end and understanding what I am doing there would be a solid foundation for building my environment the right way.
-
Custom RAM boot PXE Linux
For netbooting we rely on a netboot.xyz inspired ipxe based setup.
- Ntwork-based bootable operating system installer based on iPXE
-
Instance won't even begin to boot after hard restart. Nothing makes sense
[[UPDATE]]: The fix was as 'simple' as going into the 'bios', and selecting 'add a boot option', which automatically came up with the correct EFI file/path, then putting it at the top of the boot order. 'Simple' it wasn't, many new and temporary instances brought online while digging my way through it all, and finally just going with a brand new Debian Bookworm and migrating my data over from the old disk file. At least I learned a lot about recovering from this weird circumstance. The incorrect EFI file/path must be an artifact of using netboot.xyz to install Deb Bookworm over a previously provisioned Ubuntu instance. Makes sense I guess. Still loving netboot.xyz as a super fast way to spin up an unsupported OS.
-
20 Years of Grml.org
I learned about GRML only a few years ago. Absolutely love the mixture of power and minimalism. Here is the only ISO which increases my mileage even more: https://netboot.xyz
What are some alternatives?
debian-cis - PCI-DSS compliant Debian 10/11/12 hardening
Ventoy - A new bootable USB solution.
crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
homelab - Fully automated homelab from empty disk to running services with a single command.
goss - Quick and Easy server testing/validation
netboot.xyz-proxmox - Configuration scripts and procedure for adding Proxmox VE to netboot.xyz.
RHEL7-CIS - Ansible role for Red Hat 7 CIS Baseline
ipxe - iPXE network bootloader
ansible-collection-nginx - Ansible collection for NGINX
netboot - Packages and utilities for network booting
setup-ipsec-vpn - Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
cloudinit - Official upstream for the cloud-init: cloud instance initialization