Skip to content

Latest commit

 

History

History
94 lines (75 loc) · 5.34 KB

README.md

File metadata and controls

94 lines (75 loc) · 5.34 KB

terraform-rockylinux-libvirt

Terraform to Create Rocky Linux on KVM/Libvirt

Requirements

Name Version
terraform = 1.8.3
libvirt 0.7.6

Providers

Name Version
libvirt 0.7.6
template n/a

Inputs

Name Description Type Required
rocky9_cloudinit_disk Qcow2 cloud-init location any yes
rocky9_cloudinit_pool Which Pool to located cloud-init.iso any yes
rocky9_domain_memory Vm Memory any yes
rocky9_domain_name VM name any yes
rocky9_domain_vcpu VM Cpu count any yes
rocky9_name VM name any yes
rocky9_network_name VM Network name any yes
rocky9_volume_format Volume format .. Qcow2 any yes
rocky9_volume_name Qcow2 volume name any yes
rocky9_volume_pool Pool to locate VM any yes
rocky9_volume_size size in bytes ... equals to 30GB https://registry.terraform.io/providers/dmacvicar/libvirt/latest/docs/resources/volume#size any yes
rocky9_volume_source Rocky linux Qcow2 disk image any yes

Outputs

Name Description
ip Output Server IP

SSH-Audit

ssh-audit  -2 127.0.0.1
# general
(gen) banner: SSH-2.0-OpenSSH_8.7
(gen) software: OpenSSH 8.7
(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+
(gen) compression: enabled (zlib@openssh.com)

# security
(cve) CVE-2021-41617                        -- (CVSSv2: 7.0) privilege escalation via supplemental groups
(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response

# key exchange algorithms
(kex) curve25519-sha256                     -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76
                                            `- [info] default key exchange since OpenSSH 6.4
(kex) curve25519-sha256@libssh.org          -- [info] available since OpenSSH 6.4, Dropbear SSH 2013.62
                                            `- [info] default key exchange since OpenSSH 6.4
(kex) diffie-hellman-group16-sha512         -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512         -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group-exchange-sha256 (3072-bit) -- [info] available since OpenSSH 4.4
                                                      `- [info] OpenSSH's GEX fallback mechanism was triggered during testing. Very old SSH clients will still be able to create connections using a 2048-bit modulus, though modern clients will use 3072. This can only be disabled by recompiling the code (see https://github.com/openssh/openssh-portable/blob/V_9_4/dh.c#L477).

# host-key algorithms
(key) rsa-sha2-512 (4096-bit)               -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 (4096-bit)               -- [info] available since OpenSSH 7.2
(key) ssh-ed25519                           -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com         -- [info] available since OpenSSH 6.5
                                            `- [info] default cipher since OpenSSH 6.9
(enc) aes256-gcm@openssh.com                -- [info] available since OpenSSH 6.2
(enc) aes128-gcm@openssh.com                -- [info] available since OpenSSH 6.2
(enc) aes256-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr                            -- [info] available since OpenSSH 3.7
(enc) aes128-ctr                            -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52

# message authentication code algorithms
(mac) hmac-sha2-256-etm@openssh.com         -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com         -- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com              -- [info] available since OpenSSH 6.2

# fingerprints
(fin) ssh-ed25519: SHA256:y0irEICTkwOvIP47FGEIb+/MqQ1LYgVA+Jl8IeUxY4c
(fin) ssh-rsa: SHA256:2GzmQeU6Gqqjz5yPsdv4L8HO76PlBQEhCUBvD5TWBmw

# algorithm recommendations (for OpenSSH 8.7)
(rec) +sntrup761x25519-sha512@openssh.com   -- kex algorithm to append