Added common module (SELinux, yum repos and iptables)
parent
d449afbf7e
commit
fc2ea52e3a
|
@ -32,3 +32,6 @@ django.pot
|
|||
fixtures/
|
||||
|
||||
tmp/
|
||||
|
||||
# Vagrant
|
||||
.vagrant
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
ntpserver: 192.168.1.1
|
|
@ -0,0 +1 @@
|
|||
local_environment: True
|
|
@ -1 +0,0 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDk7B0r4at0lUVF5D3pXFyGRklExP640xrvKX2bMFmRH1eCbtx1CReVxi41ZtsEWA9vi2ZIWxlTGK0av1eBSZh5HChViKLqcb6OsvFDTq+txb1flEPs+QlHcOVs7urxAkazkwnngRbYUDYjIyK02brOJTV/Tp/83AtrPZt8t5LZJVj2oyOyOp8nUttlRpJDLLk+YLWa3P3CaqEfZs0K5Z0DjrrhMmJbqF/1+1Mg3oOkiaFuJXTbmQErggV0hIiZEX0WHy3yMGTpAyuYx60DRteT0IC1pqP6lE5m8D2gC9oD9NkH8wmMPlU3eP1kI1VHG52mH6rV+0Y7XeDhFH6f7Tad Juanpa@KerberossMBP.local
|
|
@ -0,0 +1,28 @@
|
|||
*filter
|
||||
:INPUT ACCEPT [0:0]
|
||||
:FORWARD ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:RH-Firewall-1-INPUT - [0:0]
|
||||
-A INPUT -j RH-Firewall-1-INPUT
|
||||
-A FORWARD -j RH-Firewall-1-INPUT
|
||||
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
|
||||
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
|
||||
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -p tcp -d 198.211.124.169 --dport 80 -j ACCEPT
|
||||
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -p tcp -d 198.211.124.169 --dport 443 -j ACCEPT
|
||||
# JP house
|
||||
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 213.37.133.114 -d 198.211.124.169 --sport 513:65535 --dport 22 -j ACCEPT
|
||||
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 213.37.133.114 -d 198.211.124.169 --dport 80 -j ACCEPT
|
||||
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 213.37.133.114 -d 198.211.124.169 --sport 80 -j ACCEPT
|
||||
# Felipe´s Office
|
||||
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 2.139.188.200 -d 198.211.124.169 --sport 513:65535 --dport 22 -j ACCEPT
|
||||
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 2.139.188.200 -d 198.211.124.169 --dport 80 -j ACCEPT
|
||||
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 2.139.188.200 -d 198.211.124.169 --sport 80 -j ACCEPT
|
||||
# Felipe´s house
|
||||
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 88.26.241.211 -d 198.211.124.169 --sport 513:65535 --dport 22 -j ACCEPT
|
||||
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 88.26.241.211 -d 198.211.124.169 --dport 80 -j ACCEPT
|
||||
#-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 88.26.241.211 -d 198.211.124.169 --sport 80 -j ACCEPT
|
||||
# Moriarti CI
|
||||
-A RH-Firewall-1-INPUT -m state --state NEW,ESTABLISHED -m tcp -p tcp -s 37.139.15.172 -d 198.211.124.169 --sport 513:65535 --dport 22 -j ACCEPT
|
||||
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
|
||||
COMMIT
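Review bot: Every allow rule in this ruleset is pinned to `-d 198.211.124.169`, and the SSH rules additionally to four fixed source addresses, yet the commit title presents this as a common module. On any host with a different address none of the 22 or 443 rules match, and the closing `-j REJECT --reject-with icmp-host-prohibited` then rejects all new inbound connections, so applying the file there could cut off management access. Consider making it a template, with the destination address and the allowed admin sources supplied as per-host or per-group variables. The `--sport 513:65535` match adds little, since the connecting client chooses its own source port, and `-p icmp --icmp-type any -j ACCEPT` is broader than the echo and error types normally needed.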
|
|
@ -1,4 +1,8 @@
|
|||
---
|
||||
- name: restart ntpd
|
||||
service: name=ntpd state=restarted
|
||||
- name: Clean yum packages
|
||||
command: /usr/bin/yum clean all
|
||||
sudo: yes
|
||||
|
||||
- service: name=iptables pattern=/sbin/iptables state=restarted
|
||||
sudo: yes
|
||||
when: local_environment is true
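Review bot: The new iptables handler has no `name:`, but the `Install Iptables statements` task notifies `iptables`; Ansible resolves `notify` entries against handler names, so as written this restart is unlikely ever to be triggered. Add `- name: iptables` above `service: name=iptables pattern=/sbin/iptables state=restarted`, or use whatever name the task is changed to notify. The guard `when: local_environment is true` also restricts the restart to hosts where `local_environment` is set, which looks inverted given that the rules file carries what appear to be public addresses; the intended condition is worth confirming and documenting in a comment.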
|
||||
|
|
|
@ -1,26 +1,4 @@
|
|||
---
|
||||
- name: be sure ntp is installed
|
||||
yum: pkg=ntp state=installed
|
||||
sudo: yes
|
||||
|
||||
- name: Install libselinux python
|
||||
yum: pkg=libselinux-python state=installed
|
||||
sudo: yes
|
||||
|
||||
- name: test to see if selinux is running
|
||||
command: /usr/sbin/getenforce
|
||||
register: sestatus
|
||||
|
||||
- name: Selinux Down
|
||||
command: setenforce 0
|
||||
when: sestatus == 'Enforcing'
|
||||
|
||||
- name: be sure ntp is configured
|
||||
template: src=ntp.conf.j2 dest=/etc/ntp.conf
|
||||
notify:
|
||||
- restart ntpd
|
||||
sudo: yes
|
||||
|
||||
- name: be sure ntpd is running and enabled
|
||||
service: name=ntpd state=running enabled=yes
|
||||
sudo: yes
|
||||
- debug: msg="Starting Common module"
|
||||
- include: yum_repositories.yml
|
||||
- include: security.yml
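Review bot: The rewritten task list appears to drop the NTP install, configuration and service tasks without a replacement, while the `restart ntpd` handler is still kept, so nothing visible in this role keeps clocks synchronised any more. Accurate time matters for log correlation and certificate validation. If time sync has moved to another role, say so in a comment here and remove the unused handler; otherwise keep the NTP tasks in their own included file next to `yum_repositories.yml` and `security.yml`. A one-line comment above each `include:` saying what it configures would also help.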
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
- name: Selinux module Dependecy
|
||||
yum: name=libselinux-python state=latest
|
||||
sudo: yes
|
||||
|
||||
- selinux: policy=targeted state=permissive
|
||||
sudo: yes
|
||||
|
||||
- name: Clean iptables
|
||||
shell: /sbin/iptables -F
|
||||
sudo: yes
|
||||
|
||||
- stat: path=/etc/sysconfig/iptables
|
||||
register: st
|
||||
|
||||
- name: Install Iptables statements
|
||||
file:
|
||||
src=iptables
|
||||
dest=/etc/sysconfig/iptables
|
||||
sudo: yes
|
||||
when: local_environment and st.stat.exists
|
||||
notify:
|
||||
- iptables
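Review bot: `Clean iptables` runs `/sbin/iptables -F` on every play, but the task after it cannot put rules back. The `file` module does not copy content (its `src` is only for links), the task is skipped unless `local_environment` is set and `/etc/sysconfig/iptables` already exists, and its `notify: iptables` has no handler of that name. If the built-in chains are at policy ACCEPT, as in the shipped rules file, a flushed host accepts all inbound traffic until something else reloads the rules. Drop the flush and the `stat` guard, install the file with `copy`, and validate it before it replaces the old one, as sketched below. Separately, `selinux: policy=targeted state=permissive` disables enforcement on every host unconditionally, which deserves at least a comment explaining why, or a condition limiting it to the environments that need it.

```yaml
# … unchanged: libselinux-python install, selinux task …

- name: Install Iptables statements
  copy:
    src: iptables
    dest: /etc/sysconfig/iptables
    owner: root
    group: root
    mode: "0600"
    validate: /sbin/iptables-restore --test %s
  sudo: yes
  when: local_environment
  notify:
    - iptables
```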
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
- name: Puias Repo RPM Key
|
||||
get_url:
|
||||
url=http://springdale.math.ias.edu/data/puias/6/x86_64/os/RPM-GPG-KEY-puias
|
||||
dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-puias
|
||||
mode=0644
|
||||
|
||||
- name: Install Puias Repo
|
||||
template:
|
||||
src=Puias_6_compu.repo
|
||||
dest=/etc/yum.repos.d/Puias_6_compu.repo
|
||||
sudo: yes
|
||||
notify:
|
||||
- Clean yum packages
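Review bot: `Puias Repo RPM Key` downloads the repository signing key over plain `http://` with no checksum, so the key that `gpgcheck=1` relies on is itself unauthenticated, and anyone able to tamper with that download can substitute their own key. Ship the key inside the role and install it with `copy: src=RPM-GPG-KEY-puias dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-puias mode=0644`, or pin the download with get_url's `sha256sum=<EXPECTED_SHA256_PLACEHOLDER>`. The task also lacks the `sudo: yes` the other tasks use, although it writes under `/etc/pki`. The same plain-HTTP concern applies to `Puias_url` in the group variables, which feeds `mirrorlist=` in the repo template.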
|
|
@ -0,0 +1,6 @@
|
|||
[PUIAS_6_computational]
|
||||
name=PUIAS computational Base $releasever - $basearch
|
||||
mirrorlist= {{ Puias_url }}
|
||||
#baseurl=http://puias.math.ias.edu/data/puias/computational/$releasever/$basearch
|
||||
gpgcheck=1
|
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puias
|
|
@ -1,10 +0,0 @@
|
|||
driftfile /var/lib/ntp/drift
|
||||
|
||||
restrict 127.0.0.1
|
||||
restrict -6 ::1
|
||||
|
||||
server {{ ntpserver }}
|
||||
|
||||
includefile /etc/ntp/crypto/pw
|
||||
|
||||
keys /etc/ntp/keys
|
|
@ -1,4 +1,3 @@
|
|||
---
|
||||
# Variables here are applicable to all host groups
|
||||
|
||||
ntpserver: 192.168.1.2
|
||||
Puias_url: http://puias.math.ias.edu/data/puias/computational/$releasever/$basearch/mirrorlist
|
||||
|
|