---
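# Install the packages this play depends on in a single apt transaction.
# Passing the whole list to `name` replaces the per-item loop, so apt runs
# once instead of once per package.
# NOTE(review): vsftpd and tftpd-hpa provide FTP and TFTP, which carry data
# (and, for FTP, credentials) unencrypted - confirm both are required here.
- name: Install required packages
  ansible.builtin.apt:
    name:
      - curl
      - tree
      - syslog-ng
      - vsftpd
      - tftpd-hpa
      - ntp
      - ufw
    # Stated explicitly for readers; `present` is also the module default.
    state: present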
# Add one inbound ufw allow rule per port/protocol pair in the loop.
# No source address is set, so every rule accepts traffic from any host.
# NOTE(review): the task name lists NTP, SSH, SYSLOG and FTP, but the loop
# has no 21/tcp entry and does open 23/tcp, 3389/tcp and 69/udp. Confirm
# which is intended and keep the name in step with the rules.
# NOTE(review): 23/tcp and 3389/tcp are reachable from anywhere as written;
# if they must stay open, consider limiting them to management networks with
# the module's `from_ip` option.
- name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP connections
  community.general.ufw:
    rule: allow
    direction: in
    port: "{{ item.port }}"
    proto: "{{ item.proto }}"
  loop:
    # Ports are quoted so they reach the module as strings.
    - {port: '22', proto: tcp}  # well-known port for SSH
    - {port: '123', proto: udp}  # well-known port for NTP
    - {port: '514', proto: udp}  # well-known port for syslog
    - {port: '23', proto: tcp}  # well-known port for Telnet (cleartext)
    - {port: '3389', proto: tcp}  # well-known port for RDP
    - {port: '69', proto: udp}  # well-known port for TFTP (no authentication)
    # presumably extra syslog-ng listeners - TODO confirm against its config
    - {port: '5140', proto: tcp}
    - {port: '5141', proto: tcp}
    - {port: '5142', proto: tcp}
# Enable ufw and set the default policy for incoming traffic to deny.
# This task sits after the allow rules in the file, so the 22/tcp rule is
# already in place when the firewall is switched on.
- name: UFW - Deny all other incoming traffic by default
  community.general.ufw:
    direction: incoming
    policy: deny
    state: enabled
# Add an inbound ufw deny rule whose protocol selector is `ipv6`.
# NOTE(review): in ufw, proto `ipv6` appears to select IP protocol 41 (IPv6
# encapsulated in IPv4), not native IPv6 packets - confirm against ufw(8).
# If that is right, this task does not do what its name says: the allow
# rules in this file set no address, so they would also apply to IPv6 when
# IPV6=yes in /etc/default/ufw. Verify with `ufw status verbose` on a host.
- name: Block all IPv6 incoming connections
  community.general.ufw:
    proto: ipv6
    direction: in
    rule: deny
# Copy ntp.conf from the local configuration_files directory to
# /etc/ntp.conf, owned by root and world-readable but writable only by root.
# NOTE(review): no notify/handler is visible in this view, so a running NTP
# service may keep the old settings until it is restarted - confirm.
- name: Apply NTP configuration file
  ansible.builtin.copy:
    dest: /etc/ntp.conf
    src: ./configuration_files/ntp.conf
    # Quoted so the mode is passed as the string '0644', not a number.
    mode: '0644'
    owner: root
    group: root
    # Keep a copy of the file being replaced so a bad config can be rolled
    # back.
    backup: true