# Security reference

## Overview

Security in this repo is implemented via:

- hardened SSH + firewall defaults (`roles/ssh/`)
- baseline system configuration (`roles/base/`)
- monitoring/intrusion prevention on servers (`roles/monitoring_server/`)
- secrets handled via Ansible Vault (`inventories/production/group_vars/all/vault.yml`)

## Recommended execution

```bash
# Dry-run first
make check

# Apply security-tagged tasks
make security
```

## Vault

- Vault guide: `docs/guides/vault.md`

## Canonical standards

- `project-docs/standards.md`