Using Ansible to Harden Linux Systems Remotely


giovanni baldi

Aug 17, 2020, 2:15:46 PM
to Ansible Project

I'm new to the Ansible world, and for the moment I have used it just to harden some Linux systems, running the command locally every time:

ansible path_to_my_playbook.yml

Is there a way to run this command against a remote computer? I tried adding a remote computer to the hosts file, but either I made a mistake or it does not work.

Could you recommend some links that can help me? As soon as I have time I will look in more detail at how Ansible works... but right now I have to harden lots of Linux systems :-|

A.


 

Mauricio Tavares

Aug 17, 2020, 2:31:48 PM
to ansible...@googlegroups.com
On Mon, Aug 17, 2020 at 2:16 PM giovanni baldi <giob...@gmail.com> wrote:
>
>
> I'm new to the Ansible world, and for the moment I have used it just to harden some Linux systems, running the command locally every time:
>
>> ansible path_to_my_playbook.yml
>
>
> Is there a way to run this command against a remote computer? I tried adding a remote computer to the hosts file, but either I made a mistake or it does not work.
>
Try

ansible-playbook path_to_my_playbook.yml

instead

> Could you recommend some links that can help me? As soon as I have time I will look in more detail at how Ansible works... but right now I have to harden lots of Linux systems :-|
>
> A.

giob...@gmail.com

Aug 17, 2020, 4:58:17 PM
to Ansible Project
Sorry, I made a mistake... I used the command

ansible-playbook path_to_my_playbook.yml  

and in the hosts file I added the hostname and then the IP address of the remote computer where I want to apply the configurations. But it does not work... :-(

Mauricio Tavares

Aug 17, 2020, 5:05:50 PM
to ansible...@googlegroups.com
On Mon, Aug 17, 2020 at 4:58 PM giob...@gmail.com <giob...@gmail.com> wrote:
>
> Sorry, I made a mistake... I used the command
>
> ansible-playbook path_to_my_playbook.yml
>
> and in the hosts file I added the hostname and then the IP address of the remote computer where I want to apply the configurations. But it does not work... :-(
>

Below are real files of mine. Only difference is that I changed the hostname:

file: hosts
[test]
testcentos
testfedora

File: host_vars/testcentos.yml
---
# File: host_vars/testcentos.yml
# OS: CentOS (for now? Make this so it does not care)

ansible_host: testfedora.example.com
ansible_port: 2022
ansible_ssh_private_key_file: ~/.ssh/ansible-test
ansible_user: root

File: test.yml
---
# file: test.yml
#

- hosts:
    - test

  vars:
    # - some_var: "roles/test/handlers/duck.yml"
    # - some_var: "wrongability"
    - user_test: "Yes"
    - file_test: "Maybe"
    - string_test: true

  roles:
    - test


John Petro

Aug 17, 2020, 5:13:07 PM
to ansible...@googlegroups.com
Can you post the output with the error message you are getting?

--John

giob...@gmail.com

Aug 19, 2020, 7:18:15 AM
to Ansible Project
For sure I'm making some mistake...

However, in the secure.yml file I have:

- name: Secure
  become: yes
  hosts: secured
  roles:
    - ubuntu18,04-desktop.cis  # downloaded from GitHub

In the hosts file I put

[secured]
192.168.1.126

fatal: [192.168.1.126]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh:"

But with the user account I use, I don't have any problem SSHing manually into that workstation, even without a password, because I have exported the key. However, the problem seems to be that the SSH connection via Ansible is not permitted. I suppose I have something to configure, but what?

John Petro

Aug 19, 2020, 7:34:12 AM
to ansible...@googlegroups.com
Do you have ssh keys set up between the ansible control node and the host you are running this against? If not, you need to specify the username and password as well. -u is the switch for user and then you would need -k or -Kk as well, depending on whether you have sudoers set up to allow you to execute passwordless root access or not.

Mauricio Tavares

Aug 19, 2020, 8:53:05 AM
to ansible...@googlegroups.com
On Wed, Aug 19, 2020 at 7:34 AM John Petro <jcp...@johnpetro.com> wrote:
>
> Do you have ssh keys set up between the ansible control node and the host you are running this against? If not, you need to specify the username and password as well. -u is the switch for user and then you would need -k or -Kk as well, depending on whether you have sudoers set up to allow you to execute passwordless root access or not.
>
Elaborating on what John said,

1. Try something like

ansible secured -m setup

Get the above running first. As he said, you may need to do something like

ansible secured -k -m setup

if you are not using ssh keypairs and/or

ansible secured -u USERNAME -k -m setup

if the login user is not the user you are running as (plus password).

2. If that works,

ansible --become -k -K secured -m shell -a "sudo pwd"

(adding user or not as needed based on results from previous step)

3. If the above works, here is the config file for my testubuntu box:

raub@desktop:~/dev/ansible$ cat host_vars/testubuntu.yml
---
# File: host_vars/testubuntu.yml
#

ansible_host: testubuntu.example.com
ansible_port: 2026
ansible_ssh_private_key_file: keys/ubuntu-test
ansible_user: root

raub@desktop:~/dev/ansible$

Yes, I put a pub key in root so I can avoid needing to use a password.
Whether this makes sense or not in your setup is up to you, but the
point is that I know I have those 4 variables defined and where to
check them.
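
A pre-flight check in the spirit of the last reply ("I know I have those 4 variables defined and where to check them"), added here as an example and not code from the thread: it reads a plain INI inventory plus flat host_vars files and lists, per host, which of the four connection variables are left to defaults. The function names, the sample data and the `deploy` account are assumptions made for the illustration.

```python
import re

# The four connection variables kept in host_vars in the reply above.
REQUIRED = ("ansible_host", "ansible_port",
            "ansible_ssh_private_key_file", "ansible_user")

def parse_inventory(ini_text):
    """Return {host: {inline vars}} from a plain INI inventory.
    [group:vars] and [group:children] sections are skipped."""
    hosts, in_hosts = {}, True
    for raw in ini_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            in_hosts = ":" not in line
            continue
        if in_hosts:
            name, *pairs = line.split()
            hosts.setdefault(name, {}).update(
                p.split("=", 1) for p in pairs if "=" in p)
    return hosts

def parse_flat_yaml(text):
    """Read top-level 'key: value' lines only (assumption: flat files like those above)."""
    out = {}
    for raw in text.splitlines():
        m = re.match(r"([A-Za-z_]\w*):\s+(\S.*)$", raw)
        if m:
            out[m.group(1)] = m.group(2).split(" #", 1)[0].strip().strip("'\"")
    return out

def audit(ini_text, host_vars):
    """host_vars maps host name -> text of host_vars/<host>.yml.
    Returns {host: [findings]}; host_vars files override inline inventory vars."""
    report = {}
    for host, inline in parse_inventory(ini_text).items():
        defined = {**inline, **parse_flat_yaml(host_vars.get(host, ""))}
        findings = [f"{v} not set (default applies)" for v in REQUIRED if v not in defined]
        if defined.get("ansible_user") == "root":
            findings.append("ansible_user is root: confirm direct root login is intended")
        report[host] = findings
    return report

# Constructed sample modelled on the thread; 'deploy' is a hypothetical account.
SAMPLE_INVENTORY = "[test]\ntestcentos\ntestfedora\n\n[secured]\n192.168.1.126 ansible_user=deploy\n"
SAMPLE_HOST_VARS = {"testcentos": "---\nansible_host: testfedora.example.com\nansible_port: 2022\n"
                                  "ansible_ssh_private_key_file: ~/.ssh/ansible-test\nansible_user: root\n"}

if __name__ == "__main__":
    for host, findings in audit(SAMPLE_INVENTORY, SAMPLE_HOST_VARS).items():
        print(host, "->", findings or "all four set explicitly")
```

On a real control node, `ansible-inventory --host <name>` prints the variables Ansible resolves for a host, including group_vars, which this example does not read.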