What does trellis do about security lockdown when setting up server with ansible?
I have found this ansible book: https://gist.github.com/ryane/e0ea8e4a75b140bf799f Could it be implemented as part of the setup?
Or is it up to us to go through this:
https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps
Is there a firewall at least?
Did you look through Trellis at all? It does many of those things.
- ufw is installed
- fail2ban
- Optionally better SSH security: https://roots.io/trellis/docs/security/
Nice, I stumbled upon that security script, just wondered if you already implemented something like that.