playbook.yml aktualisiert
parent
b0d7d35026
commit
17674683e9
|
@ -1,6 +1,8 @@
|
|||
---
|
||||
- name: ensure safe environment for exams
|
||||
hosts: localhost
|
||||
vars:
|
||||
- config_ufw: false
|
||||
|
||||
# to verify ufw configuration run:
|
||||
# sudo ufw status verbose
|
||||
|
@ -29,7 +31,7 @@
|
|||
path: /etc/ufw/before.rules
|
||||
regexp: '(.*limit --limit*)'
|
||||
replace: '#\1'
|
||||
|
||||
when: config_ufw
|
||||
- name: Allow all access to tcp port 123
|
||||
ufw:
|
||||
rule: allow
|
||||
|
@ -38,6 +40,7 @@
|
|||
with_items:
|
||||
- in
|
||||
- out
|
||||
when: config_ufw
|
||||
|
||||
- name: Allow SSH-Access to some servers
|
||||
ufw:
|
||||
|
@ -54,6 +57,7 @@
|
|||
- { direction: 'out', destination: '10.16.1.1/32' }
|
||||
- { direction: 'in', destination: '162.55.5.40/32' }
|
||||
- { direction: 'out', destination: '162.55.5.40/32' }
|
||||
when: config_ufw
|
||||
- name: Allow https-Access to some servers
|
||||
ufw:
|
||||
rule: allow
|
||||
|
@ -69,6 +73,7 @@
|
|||
- { direction: 'out', destination: '10.16.1.1/32' }
|
||||
- { direction: 'in', destination: '162.55.5.40/32' }
|
||||
- { direction: 'out', destination: '162.55.5.40/32' }
|
||||
when: config_ufw
|
||||
|
||||
- name: Allow DNS-Access to some servers
|
||||
ufw:
|
||||
|
@ -81,11 +86,13 @@
|
|||
- { direction: 'out', destination: '10.0.0.1/32' }
|
||||
- { direction: 'in', destination: '10.16.1.1/32' }
|
||||
- { direction: 'out', destination: '10.16.1.1/32' }
|
||||
when: config_ufw
|
||||
|
||||
- name: Allow dns
|
||||
ufw: rule={{ item.rule }} port={{ item.port }}
|
||||
with_items:
|
||||
- { rule: 'allow', port: '53'}
|
||||
when: config_ufw
|
||||
|
||||
- name: disable mounting of usb flash drives
|
||||
file:
|
||||
|
|
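Review bot: With `config_ufw: false` as the play-level default at the top of the file, every ufw task gated by `when: config_ufw` is skipped, so a plain run of the play named "ensure safe environment for exams" finishes cleanly without applying a single firewall rule. The page has lost its +/- markers, so which lines are new is inferred from the hunk counts; if the toggle is what this commit introduces, I would default it to `true` and require an explicit opt-out, or add an `assert`/`debug` task that makes the skipped state visible in the run output. The condition is safer as `when: config_ufw | bool`, because a value supplied as a string (for example `-e config_ufw=false`) is otherwise evaluated as a non-empty string rather than a boolean. The variable would also read better declared as a mapping (`vars:` followed by an indented `config_ufw: true`) than as a list of dicts. The last hunk ends inside the `disable mounting of usb flash drives` task, so whether the non-firewall hardening tasks are gated too cannot be judged from this page.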