By default, Ubuntu Server is not very secure:
- Automatic security updates are not enabled
- The 'ufw' firewall is not enabled
- SSH key-based logins have to be explicitly created
- and so on…
For my own personal use, I have followed guides such as http://hardenubuntu.com/ to turn on unattended-upgrades, install fail2ban, etc. But now I am running a business in the cloud and don't want to repeat all these steps manually every time I spin up a new instance. Is there an Ubuntu distro/variant that comes with "production-ready" security and doesn't need to be manually hardened? Solutions using configuration management tools (Chef, Puppet, Ansible, etc.) will also work.
And if there is NOT such a thing, why not?
Best Answer
If you're looking for these features you need to use the Ubuntu Cloud image instead of the traditional server image.
ufw
you can turn it on.
From your comments it looks like you want to automate your deployment with Ansible. Ansible and cloud-init is a popular pattern in the cloud; there are lots of guides on how to do that. Here's one as a start:
Here are a bunch of examples of configuration for cloud-init that you can use to derive custom configs of your own:
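An added example, not part of the original answer or the pages it links to: a cloud-init user-data file that applies the hardening steps named in the question (unattended-upgrades, ufw, fail2ban, key-only SSH) on first boot of an Ubuntu Cloud image. The SSH public key is a placeholder, and the choice to open only the SSH port is an assumption about the instance's role.

```yaml
#cloud-config
# Added example. Pass as user-data when launching the instance.

# Refresh package lists, apply pending updates, install the hardening tools.
package_update: true
package_upgrade: true
packages:
  - unattended-upgrades
  - ufw
  - fail2ban

# SSH: key-based logins only, and no direct root login.
ssh_pwauth: false
disable_root: true
# Keys listed here are added to the image's default user.
ssh_authorized_keys:
  - ssh-ed25519 AAAA...REPLACE_WITH_YOUR_PUBLIC_KEY admin@example   # placeholder

write_files:
  # Daily package list refresh plus automatic security upgrades.
  - path: /etc/apt/apt.conf.d/20auto-upgrades
    permissions: "0644"
    content: |
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Unattended-Upgrade "1";
  # fail2ban: make sure the sshd jail is on.
  - path: /etc/fail2ban/jail.local
    permissions: "0644"
    content: |
      [sshd]
      enabled = true

runcmd:
  # Firewall: drop inbound traffic except SSH (assumed to be the only
  # service this instance exposes); add further "ufw allow" lines as needed.
  - ufw default deny incoming
  - ufw default allow outgoing
  - ufw allow OpenSSH
  - ufw --force enable
  # Pick up jail.local written above.
  - systemctl enable fail2ban
  - systemctl restart fail2ban
```

After first boot, `cloud-init status --long` and `ufw status verbose` on the instance show whether the configuration applied cleanly.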