ansible_cache/dnaclab_linux/roles/services/tasks/main.yml


---
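# Install the base tools and the lab services (firewall, NTP, TFTP, syslog,
# FTP). The package list is handed straight to `name`, so apt resolves all of
# it in one transaction instead of one apt run per loop item.
# NOTE(review): TFTP has no authentication, and FTP is cleartext unless TLS is
# enabled in vsftpd.conf (not shown here); confirm these services are only
# reachable from the lab network.
- name: Install required packages
  ansible.builtin.apt:
    name:
      - curl
      - tree
      - ufw
      - ntp
      - tftpd-hpa
      - syslog-ng
      - vsftpd
    state: present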
# Add one inbound allow rule per (port, protocol) pair in the loop. No source
# restriction (`from_ip`) is given, so every rule accepts any source address.
# NOTE(review): the task name lists FTP, but 21/tcp is not in the loop even
# though vsftpd is installed and enabled elsewhere in this file, while 23/tcp
# and 3389/tcp are opened without being named. Confirm whether 23 was meant to
# be 21 and whether Telnet/RDP exposure is intended.
- name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP and TFTP connections
  community.general.ufw:
    direction: in
    rule: allow
    proto: "{{ item.proto }}"
    port: "{{ item.port }}"
  loop:
    - {port: '22', proto: tcp}  # SSH
    - {port: '123', proto: udp}  # NTP
    - {port: '514', proto: udp}  # syslog
    - {port: '23', proto: tcp}  # well-known Telnet port; not named above
    - {port: '3389', proto: tcp}  # well-known RDP port; not named above
    - {port: '69', proto: udp}  # TFTP
    # Presumably extra syslog-ng listeners; confirm against
    # syslog-ng-network-devices.conf.
    - {port: '5140', proto: tcp}
    - {port: '5141', proto: tcp}
    - {port: '5142', proto: tcp}
# Switch ufw on with a default-deny policy for incoming traffic. The allow
# rules (including 22/tcp for SSH) are added earlier in this file, so they are
# already in place when the firewall becomes active.
# NOTE(review): the name says IPv4, but nothing in this task limits the policy
# to IPv4; ufw presumably applies it to IPv6 too when IPV6=yes is set in
# /etc/default/ufw. Confirm on a target host.
- name: Deny all other incoming IPv4 traffic
  community.general.ufw:
    direction: incoming
    policy: deny
    state: enabled
# Add an inbound deny rule that matches ufw's `ipv6` protocol.
# NOTE(review): in ufw, `proto ipv6` appears to select IP protocol 41 (IPv6
# encapsulated in IPv4) rather than native IPv6 traffic, so this rule likely
# does not do what the task name says. Native IPv6 filtering depends on the
# IPV6 setting in /etc/default/ufw and on the default policy; check with
# `ufw status verbose` whether the allow rules are also active for IPv6.
- name: Block all IPv6 incoming connections
  community.general.ufw:
    rule: deny
    direction: in
    proto: ipv6
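# Install the role's ntp.conf as /etc/ntp.conf (root-owned, world-readable),
# keeping a backup copy of any file it replaces.
# NOTE(review): no `notify` or restart is visible in this file, so an already
# running NTP daemon keeps its old configuration until it is restarted.
- name: Apply NTP configuration file
  ansible.builtin.copy:
    src: ntp.conf
    dest: /etc/ntp.conf
    owner: root
    group: root
    mode: '0644'
    # Canonical boolean instead of the YAML 1.1 `yes` spelling.
    backup: true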
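# Install the role's tftpd-hpa defaults file as /etc/default/tftpd-hpa
# (root-owned, world-readable), keeping a backup of any file it replaces.
# NOTE(review): the served directory and options such as whether uploads are
# accepted come from this file, which is not shown here; review it together
# with the permissions of the TFTP directory created elsewhere in this file.
# No `notify` or restart is visible, so a running daemon keeps its old
# settings until it is restarted.
- name: Apply TFTP configuration file
  ansible.builtin.copy:
    src: tftpd-hpa
    dest: /etc/default/tftpd-hpa
    owner: root
    group: root
    mode: '0644'
    # Canonical boolean instead of the YAML 1.1 `yes` spelling.
    backup: true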
# Create the TFTP directory on the connecting user's Desktop, owned by that
# user.
# NOTE(review): mode 0777 makes the directory world-writable, so any local
# account that can reach the path may create, replace or delete files in it,
# and TFTP itself is unauthenticated. If the mode exists only so the TFTP
# service account can write uploads, a shared group with a narrower mode would
# do the same job; confirm against the tftpd-hpa defaults file.
- name: Create TFTP directory
  ansible.builtin.file:
    state: directory
    path: "/home/{{ ansible_user }}/Desktop/TFTP"
    mode: '0777'
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
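# Drop the role's syslog-ng snippet into /etc/syslog-ng/conf.d/ (root-owned,
# world-readable), keeping a backup of any file it replaces.
# NOTE(review): the listeners defined in this snippet are not shown here;
# check that they match the syslog ports opened in the UFW task in this file.
# No `notify` or restart is visible, so a running syslog-ng keeps its old
# configuration until it is restarted.
- name: Apply SYSLOG configuration file
  ansible.builtin.copy:
    src: syslog-ng-network-devices.conf
    dest: /etc/syslog-ng/conf.d/syslog-ng-network-devices.conf
    owner: root
    group: root
    mode: '0644'
    # Canonical boolean instead of the YAML 1.1 `yes` spelling.
    backup: true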
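# Install the role's vsftpd.conf as /etc/vsftpd.conf (root-owned,
# world-readable), keeping a backup of any file it replaces.
# NOTE(review): anonymous access, write permission and TLS are all decided in
# this file, which is not shown here. The UFW task in this file does not allow
# 21/tcp, so confirm how the FTP service is expected to be reached. No
# `notify` or restart is visible, so a running vsftpd keeps its old
# configuration until it is restarted.
- name: Apply FTP configuration file
  ansible.builtin.copy:
    src: vsftpd.conf
    dest: /etc/vsftpd.conf
    owner: root
    group: root
    mode: '0644'
    # Canonical boolean instead of the YAML 1.1 `yes` spelling.
    backup: true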
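# Enable each lab service so it starts at boot.
# NOTE(review): no `state` is set, so this task neither starts nor restarts
# the services. The configuration files copied earlier in this file only take
# effect once each daemon is restarted by some other means.
- name: Enable installed services
  ansible.builtin.service:
    name: "{{ item }}"
    # Canonical boolean instead of the YAML 1.1 `yes` spelling.
    enabled: true
  loop:
    - ntp
    - tftpd-hpa
    - syslog-ng
    - vsftpd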