Jeff Geerling (geerlingguy) explores Linux server security configuration using Ansible, following examples in chapter 10 of Ansible for DevOps.
Ansible for DevOps: https://www.ansiblefordevops.com
Support Jeff on GitHub: https://github.com/sponsors/geerlingguy
Support Jeff on Patreon: https://www.patreon.com/geerlingguy
Contents:
00:00:00 - Start
00:00:35 - Intro
00:04:26 - Questions from last episode
00:07:42 - Linux security setup with Ansible
00:09:50 - 9 Basic security measures
00:12:54 - Use secure encrypted communications
00:16:10 - History of SSH (rlogin, telnet)
00:19:38 - Securing SSH
00:23:50 - Ansible SSH security playbook
00:37:29 - Managing users and sudoers
00:43:40 - Remove unused apps
00:46:09 - Principle of least privilege
00:47:30 - POSIX file permissions
00:51:00 - Automatic updates with Ansible
00:54:59 - Configuring a firewall with Ansible
00:59:40 - Oops - locked myself out
01:00:37 - Security role on Galaxy
01:01:52 - Other security concerns
01:03:16 - Outtro