playbook.yml aktualisiert

az 2024-05-07 22:42:16 +02:00
parent cbac698e31
commit 688ecab5cf
1 changed files with 104 additions and 102 deletions


@ -1,34 +1,36 @@
---
- name: ensure safe environment for exams
hosts: localhost
# to verify ufw configuration run:
# sudo ufw status verbose
- name: Install ufw
tasks:
- name: Install ufw
apt: package=ufw state=present
- name: Configure ufw defaults
- name: Configure ufw defaults
ufw: direction={{ item.direction }} policy={{ item.policy }}
with_items:
- { direction: 'incoming', policy: 'deny' }
- { direction: 'outgoing', policy: 'deny' }
# disable ipv6
- lineinfile:
# disable ipv6
- lineinfile:
path: /etc/default/ufw
state: present
regexp: '^IPV6'
line: 'IPV6=no'
- name: Enable ufw logging
- name: Enable ufw logging
ufw: logging=off
- name: Commenting a line.
- name: Commenting a line.
replace:
path: /etc/ufw/before.rules
regexp: '(.*limit --limit*)'
replace: '#\1'
- name: Allow all access to tcp port 123
- name: Allow all access to tcp port 123
ufw:
rule: allow
port: '123'
@ -37,7 +39,7 @@
- in
- out
- name: Allow SSH-Access to some servers
- name: Allow SSH-Access to some servers
ufw:
rule: allow
direction: '{{ item.direction }}'
@ -50,7 +52,7 @@
- { direction: 'out', destination: '10.16.1.1/32' }
- { direction: 'in', destination: '162.55.5.40/32' }
- { direction: 'out', destination: '162.55.5.40/32' }
- name: Allow https-Access to some servers
- name: Allow https-Access to some servers
ufw:
rule: allow
direction: '{{ item.direction }}'
@ -64,21 +66,21 @@
- { direction: 'in', destination: '162.55.5.40/32' }
- { direction: 'out', destination: '162.55.5.40/32' }
- name: Enable ufw
- name: Enable ufw
ufw: state=enabled
- name: Allow dns
- name: Allow dns
ufw: rule={{ item.rule }} port={{ item.port }}
with_items:
- { rule: 'allow', port: '53'}
- name: start ufw service
- name: start ufw service
service:
name: ufw
state: restarted
- name: purge some prior installed packages
- name: purge some prior installed packages
apt:
name:
- task-kde-desktop