...
- Enables the
docker
service. - Adds
vhost_vsock
module to the kernel. - Installs the
votp-taskset
with its service. - Adds
schedrt
rules to the kernel. - Adds modules to the kernel specified by
sriov_driver
. - Adds
sriov
andworkqueue_cpumask
rules to the kernel. - Configures
GRUB
. - Configures
irqbalance
. - Configures
systemd
. - Configures
slices
ofsystemd
. - Configures
ovs-vswitchd
service. - Installs
ptp_status
with its service.
Debian-hardening role
- Create
ansible
andprivileged
group. - Configures parameters of the kernel.
- Updates the
coredump
,kexec
andbinfmt_misc
rules to the kernel. - Installs
sysctl-hardening
andnetwork-hardening
rules to the kernel. - Adds
nf_conntrack
module to the kernel. - Installs
random-root-passwd
service and enable it. - Installs
mktmpdir
andterminal_idle
profile for a shell session. - Configures the SSH server.
- Installs ANSI and
ceph-osd-smartctl
rules tosudo
. - Adds users to
priviliged
groups. - Configures
sudo
to be run only users members ofprivileged
group. - Configures
login.defs
. - Configures PAM.
- Configures
securetty
. - Configures some services specified in
hardened_services
. - Uninstalls useless packages.
- Disable useless services.
- Sets a password to
GRUB
. - Installs
audit
configuration.
Corosync role
- Regenerates the authentication key.
- Synchronizes the key between the hosts.
- Generates the configuration of
corosync
.