KNEL/KNELConfigMgmt-FetchApply
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
Files
afe61cae9dd9b2e1db30d0d4eb44f0cca93ddc16
KNELConfigMgmt-FetchApply/initializers/security-hardening/apply
Charles N Wyble afe61cae9d refactor: Remove librenms, add ansible/salt clients 
- Remove all librenms references from initializers and configuration
- Keep tailscale as requested (remove netbird plans)
- Add ansible-core (already present) and salt-minion packages
- Create salt-client initializer for minion configuration
- Update roles to replace librenms-agent with salt-client
- Simplify oam initializer to only handle up2date script
- Update README to reflect new architecture and tools

Prepares infrastructure for migration to Salt configuration management
while maintaining tailscale for VPN connectivity.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 11:43:35 -05:00

51 lines
1.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# KNEL Security Hardening Module
# Implements SCAP/STIG security compliance
set -euo pipefail
echo "Running security hardening module..."
# Enable auditd
systemctl --now enable auditd
# Configure sysctl security parameters
if [[ -f ./configs/sysctl-hardening.conf ]]; then
cp ./configs/sysctl-hardening.conf /etc/sysctl.d/99-security-hardening.conf
sysctl -p /etc/sysctl.d/99-security-hardening.conf
fi
# Configure core dumps
if [[ -f ./configs/security-limits.conf ]]; then
cp ./configs/security-limits.conf /etc/security/limits.d/security-lening.conf
fi
# Set file permissions
chmod 644 /etc/passwd
chmod 600 /etc/shadow
chmod 644 /etc/group
chmod 600 /etc/gshadow
# Remove dangerous packages
DEBIAN_FRONTEND="noninteractive" apt-get -y purge \
telnetd \
rsh-server \
rsh-client \
telnet \
|| true
# Install security tools
DEBIAN_FRONTEND="noninteractive" apt-get -y install \
aide \
lynis \
chkrootkit \
rkhunter \
|| true
# Initialize AIDE database
if [[ ! -f /var/lib/aide/aide.db ]]; then
aideinit
fi
echo "Security hardening module completed"
View Git Blame Copy Permalink