kleinstuff.centos-base

Ansible role to set up basic packages and settings for CentOS 7 systems. This role is inspired by the great work done here: https://github.com/bau-sec/ansible-openvpn-hardened

Requirements

You need to set up "ansible_centos_base__authorized_keys" with at least one SSH key. You can use multiple lines for more than one key. I plan to change this to let you use an "install user" for initial setup, after which you can add all your admin users.

Role Variables

User configured for Ansible

    ansible_centos_base__username: centos

Default system timezone

    ansible_centos_base__timezone: 'America/Sao_Paulo'

At least 1 SSH public key (you can add more than one key using multiline with | )

    ansible_centos_base__authorized_key: |
        "ssh-rsa...
         ssh-rsa..."

Basic system packages

   ansible_centos_base__packages:
      - git
      - sudo
      - vim-enhanced
      - which
      - yum-plugin-keys
      - mlocate
      - setroubleshoot-server
      - python-firewall
      - python-pip
      - python-virtualenv
      - gnupg
      - aide
      - openssl
      - rsyslog
      - logrotate
      - yum-cron

Additional packages (useful for group_vars or host_vars), but empty by default.

    ansible_centos_base__packages_extra

Dependencies

This role has no dependencies, just make sure to check the #Requirements section above.

Example Playbook

- hosts: servers
  roles:
     - { role: kleinstuff.centos-centos-base }

#ToDo

• Set up automatic tests with TravisCI
• Enable creation of more users
• Allow optional firewalld setup

License

GPLv3

Author Information

You can reach out to me with questions through GitHub issues on my project repository.