Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

First time user feedback on the README. #774

Open
qurm opened this issue Nov 14, 2024 · 1 comment
Open

First time user feedback on the README. #774

qurm opened this issue Nov 14, 2024 · 1 comment
Assignees
@konstruktoid

Comments

@qurm
Copy link

qurm commented Nov 14, 2024

Describe the bug
As a first time user of this ansible role, I had a couple of issues that I was able to work through, but would have been easier if covered in the readme documentation. Can I suggest some updates to the readme for these points?

  1. I had a similar issue to this one.
    [BUG] User locked out if not in *sudo* group #326
    I was unable to connect over ssh - this message in sshd log: .. because none of user's groups are listed in AllowGroups
    My ansible user had sudo permissions, was in AllowUsers, was in /etc/sudoers, but not in the sudo group, so I was initially locked out of the server.
    It is not clear what the purpose of the sugroup group is - should an ansible or admin user be in that group also?

  2. When setting up a new server, when is the best stage to run the hardening role?
    Should I setup the server applications before hardening? I found at minor issue when installing an application, and was unclear if this was due to the hardening.
    A brief summary of the purpose of the changes in defaults/main/packagemgmt.yml would have been helpful.

Expected behavior
Just an easier experience for those new to hardening via Ansible.

System (lsb_release -a or similar):
Distributor ID: Ubuntu
Description: Ubuntu 24.04.1 LTS
Release: 24.04
Codename: noble

Additional context
Thanks for this invaluable and well-maintained role, and I have run it many times without any errors.
I am happy to draft some text for the readme to assist with this.
@konstruktoid
Copy link
Owner

Hi @qurm and thanks for the feedback.

  1. https://github.com/konstruktoid/ansible-role-hardening/blob/master/README.md?plain=1#L833-L837 could perhaps be rewritten to clarify how it all works.

  2. Since this role is pretty massive (and that doesn't have to be a good thing), my steps are:
    Install distribution -> Run hardening role -> Install application using a role that applies all necessary changes for the application to work.

Updating the readme with the the purpose of the changes in defaults/main/packagemgmt.yml would indeed be a good thing.

Thanks for the kind words and if you want to submit a PR with any updates, please do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@konstruktoid konstruktoid

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@qurm @konstruktoid