playbook.yml aktualisiert

az 2024-05-08 09:47:30 +02:00
parent b0d7d35026
commit 17674683e9
1 changed files with 8 additions and 1 deletions


@ -1,6 +1,8 @@
---
- name: ensure safe environment for exams
hosts: localhost
vars:
- config_ufw: false
# to verify ufw configuration run:
# sudo ufw status verbose
@ -29,7 +31,7 @@
path: /etc/ufw/before.rules
regexp: '(.*limit --limit*)'
replace: '#\1'
when: config_ufw
- name: Allow all access to tcp port 123
ufw:
rule: allow
@ -38,6 +40,7 @@
with_items:
- in
- out
when: config_ufw
- name: Allow SSH-Access to some servers
ufw:
@ -54,6 +57,7 @@
- { direction: 'out', destination: '10.16.1.1/32' }
- { direction: 'in', destination: '162.55.5.40/32' }
- { direction: 'out', destination: '162.55.5.40/32' }
when: config_ufw
- name: Allow https-Access to some servers
ufw:
rule: allow
@ -69,6 +73,7 @@
- { direction: 'out', destination: '10.16.1.1/32' }
- { direction: 'in', destination: '162.55.5.40/32' }
- { direction: 'out', destination: '162.55.5.40/32' }
when: config_ufw
- name: Allow DNS-Access to some servers
ufw:
@ -81,11 +86,13 @@
- { direction: 'out', destination: '10.0.0.1/32' }
- { direction: 'in', destination: '10.16.1.1/32' }
- { direction: 'out', destination: '10.16.1.1/32' }
when: config_ufw
- name: Allow dns
ufw: rule={{ item.rule }} port={{ item.port }}
with_items:
- { rule: 'allow', port: '53'}
when: config_ufw
- name: disable mounting of usb flash drives
file:
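Review bot: With `config_ufw: false` as the default in the new `vars:` entry, every ufw task now gated by `when: config_ufw` is skipped on a plain run, so a play named "ensure safe environment for exams" stops applying its firewall rules unless someone overrides the variable. If that default is intended, a comment beside the variable should say so, e.g. `# ufw tasks are skipped unless config_ufw is true`; otherwise the safer default is `true`. A value passed on the command line as `-e config_ufw=false` arrives as a string, which newer Ansible versions may treat as truthy, so `when: config_ufw | bool` is the more robust condition on all six tasks. `vars:` is also normally written as a mapping (`config_ufw: false`) rather than a one-item list. The same guard repeated on each task could be a single `when:` on a `block:` around the ufw tasks, though the page does not show enough of the file's layout to confirm they are contiguous.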