hardened-images

Category: DevOps
Development tool: Shell
File size: 0KB
Downloads: 0
Upload date: 2023-07-07 08:15:31
Uploader: sh-1993
Description: Packer templates to create hardened Ubuntu server images.

File list:
LICENSE (11345, 2023-12-13)
SECURITY.md (395, 2023-12-13)
Vagrantfile (706, 2023-12-13)
build_box.sh (754, 2023-12-13)
config/ (0, 2023-12-13)
config/ansible.cfg (117, 2023-12-13)
config/local.yml (1083, 2023-12-13)
http/ (0, 2023-12-13)
http/meta-data (0, 2023-12-13)
http/user-data (1127, 2023-12-13)
renovate.json (41, 2023-12-13)
scripts/ (0, 2023-12-13)
scripts/aws.sh (928, 2023-12-13)
scripts/cleanup.sh (2029, 2023-12-13)
scripts/hardening.sh (468, 2023-12-13)
scripts/minimize.sh (1126, 2023-12-13)
scripts/postproc.sh (392, 2023-12-13)
scripts/vagrant.sh (529, 2023-12-13)
ubuntu-20.04-vars.json (113, 2023-12-13)
ubuntu-22.04-vars.json (113, 2023-12-13)
ubuntu-aws-vars.json (86, 2023-12-13)
ubuntu-hardened-aws.pkr.hcl (1737, 2023-12-13)
ubuntu-hardened-box.pkr.hcl (2906, 2023-12-13)

# Hardened Ubuntu server templates

This is a repository containing [Packer](https://www.packer.io/) templates to create a hardened [Ubuntu](https://releases.ubuntu.com) server.

There are templates available for creating a

- [Vagrant](https://www.vagrantup.com/) server base box
- `.ova` package
- [Amazon Machine Image (AMI)](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)

[20.04 LTS (Focal Fossa)](https://releases.ubuntu.com/focal/) and [22.04 LTS (Jammy Jellyfish)](https://releases.ubuntu.com/jammy/) are supported.

The Ansible role used to make the server a bit more secure is available in the [konstruktoid/ansible-role-hardening](https://github.com/konstruktoid/ansible-role-hardening) repository. The role is installed and configured using [config/local.yml](./config/local.yml).

See [https://www.packer.io/docs/builders](https://www.packer.io/docs/builders) and [https://www.packer.io/docs/post-processors](https://www.packer.io/docs/post-processors) on how to rewrite the template if you want to use it for other platforms.

## Usage

### Using `packer`

#### Amazon Web Services

Requires [Packer](https://www.packer.io/) and an [Amazon Web Services](https://aws.amazon.com/) account.

Ensure that the correct `release` and `aws_region` are set in `ubuntu-aws-vars.json` before validating the configuration and building the Amazon Machine Image.

```sh
export AWS_ACCESS_KEY_ID=""
export AWS_SECRET_ACCESS_KEY=""
packer init -upgrade -var-file ubuntu-aws-vars.json ubuntu-hardened-aws.pkr.hcl
packer validate -var-file ubuntu-aws-vars.json ubuntu-hardened-aws.pkr.hcl
packer build -timestamp-ui -var-file ubuntu-aws-vars.json ubuntu-hardened-aws.pkr.hcl
```

The empty strings above are placeholders: Packer picks the credentials up from the environment (or from any other source in the standard AWS credential chain, such as a named profile). Prefer short-lived credentials over pasting long-lived keys into a shell that records its history, and keep them out of `ubuntu-aws-vars.json`.

#### Local files

> **Note**
>
> There are various issues when building an [Ubuntu release using subiquity](https://github.com/hashicorp/packer/issues/9115).

Requires [Packer](https://www.packer.io/), [Vagrant](https://www.vagrantup.com/) and [VirtualBox](https://www.virtualbox.org).

To build the Vagrant boxes and the `.ova` files, run `bash build_box.sh`.

The script will validate the `Packer` template, the `Vagrantfile` and the shell scripts. It will then remove any old versions of the box before generating a new one.

`packer build -force -timestamp-ui -var-file ubuntu-hardened-box.pkr.hcl` is the `packer` command used if all files are valid.

### Verification

There's a [SLSA](https://slsa.dev/) artifact present under the [slsa action workflow](https://github.com/konstruktoid/hardened-images/actions/workflows/slsa.yml).

Verification of the built local files can be done using `sha256sum -c ubuntu-hardened-server.sha256` or using similar commands. The check is only as trustworthy as the manifest itself, so obtain `ubuntu-hardened-server.sha256` from the release or the SLSA provenance rather than from the same untrusted location as the artifacts.

## Using the box in a Vagrantfile

```ruby
Vagrant.configure("2") do |config|
  config.vbguest.installer_options = { allow_kernel_upgrade: true }

  config.vm.provider "virtualbox" do |vb|
    vb.memory = 2048
    vb.customize ["modifyvm", :id, "--uart1", "0x3F8", "4"]
    vb.customize ["modifyvm", :id, "--uartmode1", "file", File::NULL]
  end

  config.vm.define "focal" do |focal|
    focal.vm.hostname = "hardened-focal"
    focal.vm.box = "ubuntu-focal/20.04"
    focal.vm.box_url = "file://output/ubuntu-20.04.4-hardened-server.box"
  end

  config.vm.define "jammy" do |jammy|
    jammy.vm.hostname = "hardened-jammy"
    jammy.vm.box = "ubuntu-jammy/22.04"
    jammy.vm.box_url = "file://output/ubuntu-22.04-hardened-server.box"
  end
end
```

## Repository structure

```sh
.
├── build_box.sh
├── config
│   ├── ansible.cfg
│   └── local.yml
├── http
│   ├── meta-data
│   └── user-data
├── LICENSE
├── output
│   ├── ubuntu-20.04.6-hardened-server.box
│   ├── ubuntu-20.04.6-hardened-server.ova
│   ├── ubuntu-22.04.3-hardened-server.box
│   ├── ubuntu-22.04.3-hardened-server.ova
│   └── ubuntu-hardened-server.sha256
├── README.md
├── renovate.json
├── scripts
│   ├── aws.sh
│   ├── cleanup.sh
│   ├── hardening.sh
│   ├── minimize.sh
│   ├── postproc.sh
│   └── vagrant.sh
├── SECURITY.md
├── ubuntu-20.04-vars.json
├── ubuntu-22.04-vars.json
├── ubuntu-aws-vars.json
├── ubuntu-hardened-aws.pkr.hcl
├── ubuntu-hardened-box.pkr.hcl
└── Vagrantfile

4 directories, 26 files
```

## Contributing

Do you want to contribute? Great!

Contributions are always welcome, no matter how large or small. If you found something odd, feel free to submit an issue, improve the code by creating a pull request, or by [sponsoring this project](https://github.com/sponsors/konstruktoid).

## License

Apache License Version 2.0

## Author Information

[https://github.com/konstruktoid](https://github.com/konstruktoid "github.com/konstruktoid")
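The Verification section above leaves the `sha256sum -c ubuntu-hardened-server.sha256` step as a one-liner. The script below is an added example, not code from konstruktoid/hardened-images, that wraps that step in two small functions and shows the failure mode a practitioner cares about: a modified or missing `.box`/`.ova` makes the check return non-zero. The function names, the temporary directory and the artifact contents are assumptions made for this illustration; only the manifest name and the `.box`/`.ova` naming follow the README.

```sh
#!/bin/sh
# Added example (not part of konstruktoid/hardened-images): a checksum
# manifest workflow around `sha256sum -c ubuntu-hardened-server.sha256`.
# Function names, the temp dir and the file contents are assumptions.

# Write a manifest covering every .box and .ova artifact in a directory.
# Paths are stored relative to that directory, so the manifest can be
# checked from there later, like the one shipped under output/.
# Usage: make_manifest <artifact dir> <manifest name>
make_manifest() {
    _dir=$1
    _manifest=$2
    (cd "$_dir" && sha256sum -- *.box *.ova > "$_manifest")
}

# Check the artifacts against the manifest. Exit status 0 only when every
# listed file exists and its digest matches; a modified, truncated or
# missing artifact makes `sha256sum -c` return non-zero.
# Usage: verify_manifest <artifact dir> <manifest name>
verify_manifest() {
    _dir=$1
    _manifest=$2
    (cd "$_dir" && sha256sum -c -- "$_manifest" > /dev/null 2>&1)
}

# Demonstration on constructed artifacts: create two fake files, write
# the manifest, verify, then tamper with one artifact and verify again.
demo() {
    _work=$(mktemp -d) || return 1
    printf 'constructed .box payload\n' > "$_work/ubuntu-22.04-hardened-server.box"
    printf 'constructed .ova payload\n' > "$_work/ubuntu-22.04-hardened-server.ova"

    make_manifest "$_work" ubuntu-hardened-server.sha256
    if verify_manifest "$_work" ubuntu-hardened-server.sha256; then
        echo "artifacts match the manifest"
    fi

    # Append a single byte to one artifact: its digest no longer matches.
    printf 'x' >> "$_work/ubuntu-22.04-hardened-server.ova"
    if ! verify_manifest "$_work" ubuntu-hardened-server.sha256; then
        echo "tampered artifact detected, do not import the box/ova"
    fi

    rm -rf "$_work"
}

demo
```

Run it as `sh verify_example.sh`; the two echo lines show the intact and the tampered case. Because `verify_manifest` returns the exit status of `sha256sum -c`, it can gate a `vagrant box add` or an `.ova` import in a pipeline with a plain `verify_manifest output ubuntu-hardened-server.sha256 || exit 1`.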
