Advanced Search
Search Results
77 total results found
Duo MFA Integration
Scope Duo MFA is enforced in two places: SSH login (v2.3+) — via PAM keyboard-interactive after publickey auth sudo (v2.4+) — via PAM at the auth phase, with AD password as the post-Duo factor The role uses Duo Security's official duo-unix package, not Ub...
SSH Hardening Reference
What This Page Covers This page walks through every directive in roles/ssh-baseline/templates/sshd_hardening.conf.j2 and explains how it lands on the target host. The deployed file is /etc/ssh/sshd_config.d/10-pbr-hardening.conf. The hardening is aligned wit...
Playbook Reference (Preflight, Verify, Teardown)
Playbooks Overview The repository contains four playbooks under playbooks/: PlaybookPurposeChanges target? preflight.ymlVerify readiness; no changesNo ssh-baseline.ymlRun preflight then apply the baseline roleYes verify.ymlPost-deployment validationNo te...
Known Limitations, Troubleshooting & Version History
Known Limitations & Accepted Risks LXC auditd compliance gap Affected hosts: pbr-graylog-kl1, pbr-thingsboard-kl1 Issue: auditd cannot run inside LXC containers. The kernel audit netlink interface is isolated from container namespaces. Forcing auditd to sta...
Ansible
Ansible-based configuration management for PBR Linux infrastructure. Hosts the ssh-baseline role and related playbooks. Source: github.com/Puffing-Billy-Railway/pbr-infra