directlx 538feb79c2 Add comprehensive security audit and Jenkins connectivity fixes
Security Audit Infrastructure:
- Add security-audit.yml and security-audit-v2.yml playbooks
- Comprehensive security checks: SSH config, firewall, open ports,
  failed logins, auto-updates, password policies
- Generate per-server reports in /tmp/security-audit-*/
- Add SECURITY-AUDIT-SUMMARY.md with prioritized findings

Docker Server Security (Ready for Execution):
- Add secure-docker-server-firewall.yml playbook
- Three firewall modes: internal (recommended), selective, custom
- Add DOCKER-SERVER-SECURITY.md execution guide
- Security updates applied (107 packages upgraded)
- Firewall configuration saved for future execution

Jenkins Connectivity Fixes:
- Fixed Jenkins and SonarQube port blocking (opened 8080, 9000)
- Created jenkins host_vars with firewall configuration
- Restarted SonarQube containers (postgresql, sonarqube)
- Add JENKINS-CONNECTIVITY-FIX.md documentation

Jenkins SSH Agent Configuration:
- Add setup-jenkins-agent-ssh.yml for SSH key generation
- Enable password authentication for AWS Jenkins Master
- Created jenkins user SSH key pair
- Add comprehensive troubleshooting guide

NPM SSH Proxy Setup:
- Configure NPM as SSH proxy for Jenkins agents (port 2222)
- Update npm.yml host_vars with port 2222
- Add configure-npm-ssh-proxy.yml playbook
- Create nginx stream config at /data/nginx/stream/jenkins.conf
- Add NPM-SSH-PROXY-FOR-JENKINS.md full documentation
- Add JENKINS-NPM-PROXY-QUICK-REFERENCE.md quick guide

DNS Configuration:
- Add jenkins.directlx.dev to Pi-hole DNS
- Points to NPM server (192.168.200.71) for internal resolution

Key Security Findings:
- 16 servers audited
- Critical: Root SSH login enabled on 2 servers
- Critical: No firewall on several servers
- High: 65 pending security updates on docker server (now applied)
- High: Automatic updates not configured on most servers

Documentation:
- SECURITY-AUDIT-SUMMARY.md: Executive summary and remediation plan
- DOCKER-SERVER-SECURITY.md: Docker server security guide
- JENKINS-CONNECTIVITY-FIX.md: Jenkins firewall fix documentation
- JENKINS-SSH-AGENT-TROUBLESHOOTING.md: SSH troubleshooting guide
- NPM-SSH-PROXY-FOR-JENKINS.md: NPM proxy configuration
- JENKINS-NPM-PROXY-QUICK-REFERENCE.md: Quick reference guide

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-09 13:27:36 -05:00
| Path | Last commit | Date |
| --- | --- | --- |
| docs | Add comprehensive security audit and Jenkins connectivity fixes | 2026-02-09 13:27:36 -05:00 |
| files | Initial Ansible project structure | 2026-02-04 06:37:33 -05:00 |
| group_vars | Add Proxmox group_vars to disable UFW | 2026-02-04 09:21:14 -05:00 |
| host_vars | Add comprehensive security audit and Jenkins connectivity fixes | 2026-02-09 13:27:36 -05:00 |
| inventory | Add Proxmox cluster hosts | 2026-02-04 08:43:18 -05:00 |
| playbooks | Add comprehensive security audit and Jenkins connectivity fixes | 2026-02-09 13:27:36 -05:00 |
| roles/common | Add common role, scripts, and documentation | 2026-02-04 08:33:36 -05:00 |
| scripts | Add common role, scripts, and documentation | 2026-02-04 08:33:36 -05:00 |
| templates | Update Pi-hole DNS playbook for v6 | 2026-02-04 09:56:31 -05:00 |
| .gitignore | Initial Ansible project structure | 2026-02-04 06:37:33 -05:00 |
| HOSTS.md | Add Proxmox cluster hosts | 2026-02-04 08:43:18 -05:00 |
| README.md | Initial commit | 2026-02-04 11:26:42 +00:00 |
| USAGE.md | Add common role, scripts, and documentation | 2026-02-04 08:33:36 -05:00 |
| ansible.cfg | Add common role, scripts, and documentation | 2026-02-04 08:33:36 -05:00 |

README.md

dlx-ansible