Added common module(selinux, yum repos and Iptables)
parent
d449afbf7e
commit
fc2ea52e3a
|
@ -32,3 +32,6 @@ django.pot
|
||||||
fixtures/
|
fixtures/
|
||||||
|
|
||||||
tmp/
|
tmp/
|
||||||
|
|
||||||
|
# Vagrant
|
||||||
|
.vagrant
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
ntpserver: 192.168.1.1
|
|
|
@ -0,0 +1 @@
|
||||||
|
local_environment: True
|
|
@ -1,5 +1,5 @@
|
||||||
shelfzilla ansible_ssh_host=198.211.124.169 ansible_ssh_port=22 ansible_ssh_user=root
|
shelfzilla ansible_ssh_host=198.211.124.169 ansible_ssh_port=22 ansible_ssh_user=root
|
||||||
vagrantServer ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 ansible_ssh_user=vagrant
|
vagrantServer ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 ansible_ssh_user=vagrant
|
||||||
|
|
||||||
[production]
|
[production]
|
||||||
shelfzilla
|
shelfzilla
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDk7B0r4at0lUVF5D3pXFyGRklExP640xrvKX2bMFmRH1eCbtx1CReVxi41ZtsEWA9vi2ZIWxlTGK0av1eBSZh5HChViKLqcb6OsvFDTq+txb1flEPs+QlHcOVs7urxAkazkwnngRbYUDYjIyK02brOJTV/Tp/83AtrPZt8t5LZJVj2oyOyOp8nUttlRpJDLLk+YLWa3P3CaqEfZs0K5Z0DjrrhMmJbqF/1+1Mg3oOkiaFuJXTbmQErggV0hIiZEX0WHy3yMGTpAyuYx60DRteT0IC1pqP6lE5m8D2gC9oD9NkH8wmMPlU3eP1kI1VHG52mH6rV+0Y7XeDhFH6f7Tad Juanpa@KerberossMBP.local
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
*filter
|
||||||
|
:INPUT ACCEPT [0:0]
|
||||||
|
:FORWARD ACCEPT [0:0]
|
||||||
|
:OUTPUT ACCEPT [0:0]
|
||||||
|
:RH-Firewall-1-INPUT - [0:0]
|
||||||
|
-A INPUT -j RH-Firewall-1-INPUT
|
||||||
|
-A FORWARD -j RH-Firewall-1-INPUT
|
||||||
|
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
|
||||||
|
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
|
||||||
|
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -p tcp -d 198.211.124.169 --dport 80 -j ACCEPT
|
||||||
|
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -p tcp -d 198.211.124.169 --dport 443 -j ACCEPT
|
||||||
|
# JP house
|
||||||
|
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 213.37.133.114 -d 198.211.124.169 --sport 513:65535 --dport 22 -j ACCEPT
|
||||||
|
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 213.37.133.114 -d 198.211.124.169 --dport 80 -j ACCEPT
|
||||||
|
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 213.37.133.114 -d 198.211.124.169 --sport 80 -j ACCEPT
|
||||||
|
# Felipe´s Office
|
||||||
|
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 2.139.188.200 -d 198.211.124.169 --sport 513:65535 --dport 22 -j ACCEPT
|
||||||
|
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 2.139.188.200 -d 198.211.124.169 --dport 80 -j ACCEPT
|
||||||
|
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 2.139.188.200 -d 198.211.124.169 --sport 80 -j ACCEPT
|
||||||
|
# Felipe´s house
|
||||||
|
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 88.26.241.211 -d 198.211.124.169 --sport 513:65535 --dport 22 -j ACCEPT
|
||||||
|
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 88.26.241.211 -d 198.211.124.169 --dport 80 -j ACCEPT
|
||||||
|
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 88.26.241.211 -d 198.211.124.169 --sport 80 -j ACCEPT
|
||||||
|
# Moriarti CI
|
||||||
|
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 37.139.15.172 -d 198.211.124.169 --sport 513:65535 --dport 22 -j ACCEPT
|
||||||
|
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
|
||||||
|
COMMIT
|
|
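Review bot: Every ACCEPT rule for ports 22 and 443 is pinned to `-d 198.211.124.169`, so on a host with any other address (the `vagrantServer` inventory entry, for instance) nothing matches and the closing `REJECT` also refuses the SSH session Ansible itself relies on. The destination match adds little on a single-homed server; dropping `-d`, or rendering this file as a template with a per-host address variable, would make the rule set reusable. The SSH allowlist depends on four hard-coded source addresses labelled as homes, an office and a CI host; if any of them is dynamically assigned, the rule will eventually admit whoever inherits that address, so it should be treated as a supplement to key-only SSH rather than a replacement. A short header comment stating who owns each entry and when it was last verified would help future reviews.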
@ -1,4 +1,8 @@
|
||||||
---
|
---
|
||||||
- name: restart ntpd
|
- name: Clean yum packages
|
||||||
service: name=ntpd state=restarted
|
command: /usr/bin/yum clean all
|
||||||
sudo: yes
|
sudo: yes
|
||||||
|
|
||||||
|
- service: name=iptables pattern=/sbin/iptables state=restarted
|
||||||
|
sudo: yes
|
||||||
|
when: local_environment is true
|
||||||
|
|
|
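Review bot: The iptables restart handler has no `name:`, yet the task that installs the rule file notifies `iptables`; handlers are looked up by name, so this restart most likely never fires and a changed rule file would not be loaded until the service is restarted by other means. Adding `- name: iptables` as the first key of that handler fixes the lookup. The condition `when: local_environment is true` also differs from the `when: local_environment and ...` form used by the notifying task; a plain `when: local_environment` would be consistent, and it is worth confirming that reloading the firewall only in the local environment is what is intended.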
@ -1,26 +1,4 @@
|
||||||
---
|
---
|
||||||
- name: be sure ntp is installed
|
- debug: msg="Starting Common module"
|
||||||
yum: pkg=ntp state=installed
|
- include: yum_repositories.yml
|
||||||
sudo: yes
|
- include: security.yml
|
||||||
|
|
||||||
- name: Install libselinux python
|
|
||||||
yum: pkg=libselinux-python state=installed
|
|
||||||
sudo: yes
|
|
||||||
|
|
||||||
- name: test to see if selinux is running
|
|
||||||
command: /usr/sbin/getenforce
|
|
||||||
register: sestatus
|
|
||||||
|
|
||||||
- name: Selinux Down
|
|
||||||
command: setenforce 0
|
|
||||||
when: sestatus == 'Enforcing'
|
|
||||||
|
|
||||||
- name: be sure ntp is configured
|
|
||||||
template: src=ntp.conf.j2 dest=/etc/ntp.conf
|
|
||||||
notify:
|
|
||||||
- restart ntpd
|
|
||||||
sudo: yes
|
|
||||||
|
|
||||||
- name: be sure ntpd is running and enabled
|
|
||||||
service: name=ntpd state=running enabled=yes
|
|
||||||
sudo: yes
|
|
||||||
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
- name: Selinux module Dependecy
|
||||||
|
yum: name=libselinux-python state=latest
|
||||||
|
sudo: yes
|
||||||
|
|
||||||
|
- selinux: policy=targeted state=permissive
|
||||||
|
sudo: yes
|
||||||
|
|
||||||
|
- name: Clean iptables
|
||||||
|
shell: /sbin/iptables -F
|
||||||
|
sudo: yes
|
||||||
|
|
||||||
|
- stat: path=/etc/sysconfig/iptables
|
||||||
|
register: st
|
||||||
|
|
||||||
|
- name: Install Iptables statements
|
||||||
|
file:
|
||||||
|
src=iptables
|
||||||
|
dest=/etc/sysconfig/iptables
|
||||||
|
sudo: yes
|
||||||
|
when: local_environment and st.stat.exists
|
||||||
|
notify:
|
||||||
|
- iptables
|
||||||
|
|
|
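Review bot: `shell: /sbin/iptables -F` runs unconditionally on every play, while the rule file is installed only under `when: local_environment and st.stat.exists`, so a host where that condition is false finishes the run with an empty filter table and ACCEPT policies. The install task also uses `file:` with `src`/`dest`, which manages paths and links rather than copying content; `copy: src=iptables dest=/etc/sysconfig/iptables owner=root group=root mode=0600` looks like what is intended, and the `stat` guard then becomes unnecessary. Dropping the flush and letting the handler reload the saved rules avoids the unfiltered window. Separately, `selinux: policy=targeted state=permissive` turns off enforcement on every host this role touches; if it works around a specific denial, a comment naming it would let someone restore `enforcing` later.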
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
- name: Puias Repo RPM Key
|
||||||
|
get_url:
|
||||||
|
url=http://springdale.math.ias.edu/data/puias/6/x86_64/os/RPM-GPG-KEY-puias
|
||||||
|
dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-puias
|
||||||
|
mode=0644
|
||||||
|
|
||||||
|
- name: Install Puias Repo
|
||||||
|
template:
|
||||||
|
src=Puias_6_compu.repo
|
||||||
|
dest=/etc/yum.repos.d/Puias_6_compu.repo
|
||||||
|
sudo: yes
|
||||||
|
notify:
|
||||||
|
- Clean yum packages
|
|
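Review bot: The `get_url` task fetches the repository signing key over plain `http://` with no checksum, so `gpgcheck=1` in the repo file ends up trusting whatever key an on-path party returns on first download. Shipping the key inside the role and installing it with `copy: src=RPM-GPG-KEY-puias dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-puias mode=0644`, or pinning the download with `sha256sum=<expected-sha256-of-key>`, closes that gap. This task also lacks the `sudo: yes` its sibling has, so writing under `/etc/pki` will probably fail for a non-root login such as the `vagrant` user.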
@ -0,0 +1,6 @@
|
||||||
|
[PUIAS_6_computational]
|
||||||
|
name=PUIAS computational Base $releasever - $basearch
|
||||||
|
mirrorlist= {{ Puias_url }}
|
||||||
|
#baseurl=http://puias.math.ias.edu/data/puias/computational/$releasever/$basearch
|
||||||
|
gpgcheck=1
|
||||||
|
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puias
|
|
@ -1,10 +0,0 @@
|
||||||
driftfile /var/lib/ntp/drift
|
|
||||||
|
|
||||||
restrict 127.0.0.1
|
|
||||||
restrict -6 ::1
|
|
||||||
|
|
||||||
server {{ ntpserver }}
|
|
||||||
|
|
||||||
includefile /etc/ntp/crypto/pw
|
|
||||||
|
|
||||||
keys /etc/ntp/keys
|
|
|
@ -1,4 +1,3 @@
|
||||||
---
|
---
|
||||||
# Variables here are applicable to all host groups
|
|
||||||
|
|
||||||
ntpserver: 192.168.1.2
|
Puias_url: http://puias.math.ias.edu/data/puias/computational/$releasever/$basearch/mirrorlist
|
||||||
|
|