This is a simple chef recipe to automate the standard lock down steps on a fresh Ubuntu install, these are:
- Install Fail2Ban
- Install Unattended Upgrades
- Set the system to download updates daily
- set the GB Locale (not security exactly but relevant for SSL stuff)
- Disable SSH Password auth
- Install and configure apf-firewall
Root login is left as enabled. It's unclear what the benefit of disabling it is when password auth is disabled.