dlx-ansible/docs
directlx 538feb79c2 Add comprehensive security audit and Jenkins connectivity fixes
Security Audit Infrastructure:
- Add security-audit.yml and security-audit-v2.yml playbooks
- Comprehensive security checks: SSH config, firewall, open ports,
  failed logins, auto-updates, password policies
- Generate per-server reports in /tmp/security-audit-*/
- Add SECURITY-AUDIT-SUMMARY.md with prioritized findings

Docker Server Security (Ready for Execution):
- Add secure-docker-server-firewall.yml playbook
- Three firewall modes: internal (recommended), selective, custom
- Add DOCKER-SERVER-SECURITY.md execution guide
- Security updates applied (107 packages upgraded)
- Firewall configuration saved for future execution

Jenkins Connectivity Fixes:
- Fixed Jenkins and SonarQube port blocking (opened 8080, 9000)
- Created jenkins host_vars with firewall configuration
- Restarted SonarQube containers (postgresql, sonarqube)
- Add JENKINS-CONNECTIVITY-FIX.md documentation

Jenkins SSH Agent Configuration:
- Add setup-jenkins-agent-ssh.yml for SSH key generation
- Enable password authentication for AWS Jenkins Master
- Created jenkins user SSH key pair
- Add comprehensive troubleshooting guide

NPM SSH Proxy Setup:
- Configure NPM as SSH proxy for Jenkins agents (port 2222)
- Update npm.yml host_vars with port 2222
- Add configure-npm-ssh-proxy.yml playbook
- Create nginx stream config at /data/nginx/stream/jenkins.conf
- Add NPM-SSH-PROXY-FOR-JENKINS.md full documentation
- Add JENKINS-NPM-PROXY-QUICK-REFERENCE.md quick guide

DNS Configuration:
- Add jenkins.directlx.dev to Pi-hole DNS
- Points to NPM server (192.168.200.71) for internal resolution

Key Security Findings:
- 16 servers audited
- Critical: Root SSH login enabled on 2 servers
- Critical: No firewall on several servers
- High: 65 pending security updates on docker server (now applied)
- High: Automatic updates not configured on most servers

Documentation:
- SECURITY-AUDIT-SUMMARY.md: Executive summary and remediation plan
- DOCKER-SERVER-SECURITY.md: Docker server security guide
- JENKINS-CONNECTIVITY-FIX.md: Jenkins firewall fix documentation
- JENKINS-SSH-AGENT-TROUBLESHOOTING.md: SSH troubleshooting guide
- NPM-SSH-PROXY-FOR-JENKINS.md: NPM proxy configuration
- JENKINS-NPM-PROXY-QUICK-REFERENCE.md: Quick reference guide

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-09 13:27:36 -05:00
DOCKER-SERVER-SECURITY.md Add comprehensive security audit and Jenkins connectivity fixes 2026-02-09 13:27:36 -05:00
JENKINS-CONNECTIVITY-FIX.md Add comprehensive security audit and Jenkins connectivity fixes 2026-02-09 13:27:36 -05:00
JENKINS-NPM-PROXY-QUICK-REFERENCE.md Add comprehensive security audit and Jenkins connectivity fixes 2026-02-09 13:27:36 -05:00
JENKINS-SSH-AGENT-TROUBLESHOOTING.md Add comprehensive security audit and Jenkins connectivity fixes 2026-02-09 13:27:36 -05:00
NPM-SSH-PROXY-FOR-JENKINS.md Add comprehensive security audit and Jenkins connectivity fixes 2026-02-09 13:27:36 -05:00
REMEDIATION-SUMMARY.md Add storage remediation playbooks and comprehensive audit documentation 2026-02-08 13:22:53 -05:00
SECURITY-AUDIT-SUMMARY.md Add comprehensive security audit and Jenkins connectivity fixes 2026-02-09 13:27:36 -05:00
STORAGE-AUDIT.md Add storage remediation playbooks and comprehensive audit documentation 2026-02-08 13:22:53 -05:00
STORAGE-REMEDIATION-GUIDE.md Add storage remediation playbooks and comprehensive audit documentation 2026-02-08 13:22:53 -05:00