Search Results
213 total results found
Printing at PBR
Overview Printers at your site are automatically configured on your computer by IT when your account is set up. You do not need to add them manually — they should appear in your printer list when you go to print. If a printer you expect to have is missing, con...
Troubleshooting Common Print Problems
Printer Shows as Offline The printer appears in your list but shows "Offline": Check the printer itself — is it powered on and showing a ready or idle status on its display? Check there is no paper jam (open the trays and covers briefly to inspect) On your co...
New Starter IT Guide
Everything you need to set up your IT access in your first week at Puffing Billy Railway.
Welcome — Getting Started with IT at PBR
Welcome to Puffing Billy Railway This guide will walk you through the key IT setup steps for your first week. Work through the checklist below in order — if you get stuck on anything, contact IT Helpdesk. IT Helpdesk: [email protected] | Portal: helpdesk.pbr...
Understanding Your PBR IT Environment
Your Computer PBR-issued computers run Windows and are managed by IT via Microsoft Intune. This means: Software is deployed and updated centrally — you do not need to install updates manually IT can remotely assist you if you have a problem Company policies a...
Ansible
Ansible-based configuration management for PBR Linux infrastructure. Hosts the ssh-baseline role and related playbooks. Source: github.com/Puffing-Billy-Railway/pbr-infra
Overview & Repository Layout
Purpose This book documents PBR's Ansible-based configuration management for Linux infrastructure. It covers the ssh-baseline role, supporting playbooks, design rationale, deployment procedure, and operational reference. The ssh-baseline role establishes a h...
Architecture & Design Decisions
Purpose of this Page This page captures the rationale behind every non-obvious design choice in the ssh-baseline role. Each entry follows the pattern: What we did → Why → Trade-off accepted. Where possible, comments inside the role itself reference these dec...
Deployment Runbook — New Host
When to Use This Runbook Follow this runbook when adding a new Ubuntu host to the SSH baseline. The procedure assumes: The host runs Ubuntu 22.04 or 24.04 LTS (the role's supported versions) The host has a real hostname (not ubuntu or localhost) The host ca...
Configuration Reference
Variable Source Hierarchy Variables resolve in standard Ansible precedence order. The role uses three layers: Role defaults — roles/ssh-baseline/defaults/main.yml (lowest precedence; the safe baseline) Group vars — inventory/group_vars/all/main.yml (organis...
AD Integration & SSSD
Overview The role integrates Ubuntu hosts with Active Directory via SSSD using realm join. Once joined, AD users authenticate via Kerberos (with their AD password), are authorised via AD group membership, and have their SSH public keys retrieved from the sshP...
Duo MFA Integration
Scope Duo MFA is enforced in two places: SSH login (v2.3+) — via PAM keyboard-interactive after publickey auth sudo (v2.4+) — via PAM at the auth phase, with AD password as the post-Duo factor The role uses Duo Security's official duo-unix package, not Ub...
SSH Hardening Reference
What This Page Covers This page walks through every directive in roles/ssh-baseline/templates/sshd_hardening.conf.j2 and explains how it lands on the target host. The deployed file is /etc/ssh/sshd_config.d/10-pbr-hardening.conf. The hardening is aligned wit...
Playbook Reference (Preflight, Verify, Teardown)
Playbooks Overview The repository contains four playbooks under playbooks/:
Playbook | Purpose | Changes target?
preflight.yml | Verify readiness; no changes | No
ssh-baseline.yml | Run preflight then apply the baseline role | Yes
verify.yml | Post-deployment validation | No
te...
Known Limitations, Troubleshooting & Version History
Known Limitations & Accepted Risks LXC auditd compliance gap Affected hosts: pbr-graylog-kl1, pbr-thingsboard-kl1 Issue: auditd cannot run inside LXC containers. The kernel audit netlink interface is isolated from container namespaces. Forcing auditd to sta...