playbook.yml aktualisiert
This commit is contained in:
parent
cbac698e31
commit
688ecab5cf
30
playbook.yml
30
playbook.yml
|
|
@ -1,34 +1,36 @@
|
|||
---
|
||||
- name: ensure safe environment for exams
|
||||
hosts: localhost
|
||||
|
||||
# to verify ufw configuration run:
|
||||
# sudo ufw status verbose
|
||||
|
||||
- name: Install ufw
|
||||
tasks:
|
||||
- name: Install ufw
|
||||
apt: package=ufw state=present
|
||||
|
||||
- name: Configure ufw defaults
|
||||
- name: Configure ufw defaults
|
||||
ufw: direction={{ item.direction }} policy={{ item.policy }}
|
||||
with_items:
|
||||
- { direction: 'incoming', policy: 'deny' }
|
||||
- { direction: 'outgoing', policy: 'deny' }
|
||||
|
||||
# disable ipv6
|
||||
- lineinfile:
|
||||
# disable ipv6
|
||||
- lineinfile:
|
||||
path: /etc/default/ufw
|
||||
state: present
|
||||
regexp: '^IPV6'
|
||||
line: 'IPV6=no'
|
||||
|
||||
- name: Enable ufw logging
|
||||
- name: Enable ufw logging
|
||||
ufw: logging=off
|
||||
|
||||
- name: Commenting a line.
|
||||
- name: Commenting a line.
|
||||
replace:
|
||||
path: /etc/ufw/before.rules
|
||||
regexp: '(.*limit --limit*)'
|
||||
replace: '#\1'
|
||||
|
||||
- name: Allow all access to tcp port 123
|
||||
- name: Allow all access to tcp port 123
|
||||
ufw:
|
||||
rule: allow
|
||||
port: '123'
|
||||
|
|
@ -37,7 +39,7 @@
|
|||
- in
|
||||
- out
|
||||
|
||||
- name: Allow SSH-Access to some servers
|
||||
- name: Allow SSH-Access to some servers
|
||||
ufw:
|
||||
rule: allow
|
||||
direction: '{{ item.direction }}'
|
||||
|
|
@ -50,7 +52,7 @@
|
|||
- { direction: 'out', destination: '10.16.1.1/32' }
|
||||
- { direction: 'in', destination: '162.55.5.40/32' }
|
||||
- { direction: 'out', destination: '162.55.5.40/32' }
|
||||
- name: Allow https-Access to some servers
|
||||
- name: Allow https-Access to some servers
|
||||
ufw:
|
||||
rule: allow
|
||||
direction: '{{ item.direction }}'
|
||||
|
|
@ -64,21 +66,21 @@
|
|||
- { direction: 'in', destination: '162.55.5.40/32' }
|
||||
- { direction: 'out', destination: '162.55.5.40/32' }
|
||||
|
||||
- name: Enable ufw
|
||||
- name: Enable ufw
|
||||
ufw: state=enabled
|
||||
|
||||
- name: Allow dns
|
||||
- name: Allow dns
|
||||
ufw: rule={{ item.rule }} port={{ item.port }}
|
||||
with_items:
|
||||
- { rule: 'allow', port: '53'}
|
||||
|
||||
|
||||
- name: start ufw service
|
||||
- name: start ufw service
|
||||
service:
|
||||
name: ufw
|
||||
state: restarted
|
||||
|
||||
- name: purge some prior installed packages
|
||||
- name: purge some prior installed packages
|
||||
apt:
|
||||
name:
|
||||
- task-kde-desktop
|
||||
|
|
|
|||
Loading…
Reference in New Issue