Setup Debian

Semi-automated steps for getting a properly configured Debian install on AWS, Azure, Scaleway, etc.

Prerequisites

  • An SSH account with root access on the target.
  • A way to connect to the instance: either a username and password, or the host's SSH key added to authorized_keys on the target.
  • Ansible with the DebOps scripts. Currently works properly only on Linux.
  • A hostname pointing to the instance.

Steps

Create a host.yml file with the following contents:

all:
  hosts:
    <serverip>:
      ansible_domain: <servername>
      ansible_python_interpreter: /usr/bin/python3
      ansible_user: root
debops_all_hosts:
  hosts:
    <serverip>:
      ansible_domain: <servername>
      netbase__hostname: <servername>
      unattended_upgrades__mail_to: [example@example.com]
      unattended_upgrades__remove_unused: true
      tzdata__timezone: Europe/Paris
      docker_server__upstream: True
      ansible_python_interpreter: /usr/bin/python3

If you need to log in with a username and password, add --ask-pass to the ansible-playbook commands below.

ansible-playbook -i host.yml ~/.ansible/collections/ansible_collections/debops/debops/playbooks/bootstrap.yml
ansible-playbook -i host.yml playbook.yml
ansible-playbook -i host.yml playbook_docker.yml # only if you need Docker
ansible-playbook -i host.yml add_key.yml

Now check that you can connect over SSH with your own username (not root) and that you can run sudo.

After that:

ansible-playbook -i host.yml disable_root.yml
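
The login and sudo check above can be scripted so that disable_root.yml only runs once the non-root account is proven to work. This is an added example, not part of the original steps. The function names and the two script arguments are hypothetical, and it assumes key-based login and passwordless sudo for that account (if sudo asks for a password, do the sudo check by hand instead).

```shell
#!/bin/sh
# Added example: gate disable_root.yml on a working non-root login.
# Assumptions (not from the page): the admin account logs in with an SSH key
# and has passwordless sudo; function names and arguments are hypothetical.

# Make ssh fail instead of prompting, so a missing key is detected
# rather than hidden behind a password prompt.
SSH_OPTS="-o BatchMode=yes -o PasswordAuthentication=no -o ConnectTimeout=10"

# Print the remote uid of user@host; fails if key-based login does not work.
remote_uid() {
  ssh $SSH_OPTS "$1@$2" 'id -u'
}

# Succeed only if user@host becomes uid 0 through sudo without any prompt.
remote_sudo_ok() {
  [ "$(ssh $SSH_OPTS "$1@$2" 'sudo -n id -u' 2>/dev/null)" = "0" ]
}

# Return codes: 0 safe to disable root, 1 login failed,
# 2 the tested account is root itself, 3 sudo failed.
preflight_disable_root() {
  _uid=$(remote_uid "$1" "$2" 2>/dev/null) || {
    echo "FAIL: cannot log in as $1@$2 with a key" >&2
    return 1
  }
  [ "$_uid" != "0" ] || {
    echo "FAIL: $1 is uid 0; test a non-root account" >&2
    return 2
  }
  remote_sudo_ok "$1" "$2" || {
    echo "FAIL: $1 cannot run sudo non-interactively" >&2
    return 3
  }
  echo "OK: $1@$2 (uid $_uid) can log in and use sudo"
}

# Usage: sh preflight.sh <username> <servername>
# The playbook runs only when both arguments are given and the check passes.
if [ "$#" -eq 2 ]; then
  preflight_disable_root "$1" "$2" &&
    ansible-playbook -i host.yml disable_root.yml
fi
```

Run it from the directory that holds host.yml; any non-zero exit means root login was left enabled.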

Optional

Use the vps-harden script.

git clone https://github.com/akcryptoguy/vps-harden.git
cd vps-harden
sudo bash get-hard.sh