csf-ansible-role's Introduction

CSF Ansible Role

Requirements

None

Role Variables

Variables are set in two stages:

  • csf_global_conf
    Variables in this scope are set at the group level and deployed to all servers.
  • csf_conf
    Variables in this scope should only be set on a per-server basis.
  • csf_allow_ip
    Values in this array are added to the /etc/csf/csf.allow file.
  • csf_rules
    Rules listed in this variable are copied from role_dir/files/rules/common/{{ item.rule }}.allow
    TODO: Make this a lot neater

Dependencies

None

Example Playbook

- hosts: firewalls
  roles:
     - { role: jloh.csf-ansible-role }

In group_vars/firewalls:

csf_global_conf:
  - name: CLUSTER_PORT
    config: "7786"
  - name: CLUSTER_KEY
    config: "some random cluster key"
  - name: DENY_TEMP_IP_LIMIT
    config: "200"
  - name: LF_CONSOLE_EMAIL_ALERT
    config: "1"
  - name: LF_GLOBAL
    config: "3600"
  - name: GLOBAL_DYNDNS_INTERVAL
    config: "600"
  - name: URLGET
    config: "2"

csf_allow:
 - 12.12.12.12	# office IP
 - 138.44.33.22	# monitoring
 - 198.33.22.11
 - 45.22.11.22
 
csf_ignore:
 - 12.12.12.12	# office IP
 - 138.44.33.22	# monitoring
 - 198.33.22.11
 - 45.22.11.22

csf_blocklists:
  - SPAMEDROP
  - DSHIELD
  - TOR
  - ALTTOR
  - BOGON
  - HONEYPOT
  - CIARMY
  - BFB
  - OPENBL
  - AUTOSHUN
  - MAXMIND
  - BDE
  - STOPFORUMSPAM

In host_vars/firewall-01:

csf_conf:
  - name: CLUSTER_RECVFROM
    config: "162.243.144.14,103.4.18.200,80.69.77.247"
  - name: CLUSTER_SENDTO
    config: "162.243.144.14,103.4.18.200,80.69.77.247"
  - name: TCP_IN
    config: "80,443"
  - name: TCP_OUT
    config: "25,53,80,443"
  - name: UDP_IN
    config: ""
  - name: UDP_OUT
    config: "25,123"
  - name: TCP6_IN
    config: "80,443"
  - name: TCP6_OUT
    config: "25,53,80,443"
  - name: UDP6_IN
    config: ""
  - name: UDP6_OUT
    config: "25,123"

csf_rules:
  - rule: nagios
  - rule: munin
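
A pre-deployment check for variables shaped like the examples above, added here as an illustration and not part of the role. It flags malformed port lists (csf's low:high range form is accepted), unparsable addresses in CLUSTER_SENDTO, CLUSTER_RECVFROM and csf_allow, a CLUSTER_KEY left at the README placeholder, and settings defined in both scopes. The function names and sample data are assumptions; in practice the lists would be loaded from group_vars and host_vars.

```python
import ipaddress
import re

PORT_KEYS = re.compile(r"(TCP|UDP)6?_(IN|OUT)")
ADDR_KEYS = {"CLUSTER_SENDTO", "CLUSTER_RECVFROM"}

def bad_ports(value):
    """Entries of a csf port list that are neither a port nor a low:high range."""
    bad = []
    for entry in filter(None, value.split(",")):
        parts = entry.split(":")
        nums = [int(p) for p in parts if re.fullmatch(r"[0-9]{1,5}", p)]
        ok = len(nums) == len(parts) <= 2 and all(0 < n <= 65535 for n in nums)
        if not ok or nums != sorted(set(nums)):  # a range must be ascending
            bad.append(entry)
    return bad

def bad_addrs(entries):
    """Entries that do not parse as an IPv4/IPv6 address or CIDR block."""
    bad = []
    for entry in entries:
        try:
            ipaddress.ip_network(str(entry).strip(), strict=False)
        except ValueError:
            bad.append(entry)
    return bad

def lint(global_conf, host_conf, allow):
    """Findings for one host's group-level and host-level CSF variables."""
    both = {i["name"] for i in global_conf} & {i["name"] for i in host_conf}
    findings = [f"{n}: set in both csf_global_conf and csf_conf" for n in sorted(both)]
    for item in global_conf + host_conf:
        name, value = item["name"], item["config"]
        if PORT_KEYS.fullmatch(name):
            findings += [f"{name}: bad port entry {e!r}" for e in bad_ports(value)]
        elif name in ADDR_KEYS:
            findings += [f"{name}: bad address {e!r}" for e in bad_addrs(value.split(","))]
        elif name == "CLUSTER_KEY" and value == "some random cluster key":
            findings.append("CLUSTER_KEY: still the README placeholder")
    return findings + [f"csf_allow: bad address {e!r}" for e in bad_addrs(allow)]

# Constructed sample: README-style values plus a mistyped port and a duplicated key.
GLOBAL = [{"name": "CLUSTER_KEY", "config": "some random cluster key"},
          {"name": "LF_GLOBAL", "config": "3600"}]
HOST = [{"name": "TCP_IN", "config": "80,443,8O80"},
        {"name": "UDP_IN", "config": ""},
        {"name": "CLUSTER_SENDTO", "config": "162.243.144.14,103.4.18.200,80.69.77.247"},
        {"name": "LF_GLOBAL", "config": "600"}]
ALLOW = ["12.12.12.12", "138.44.33.22", "198.33.22.11", "45.22.11.22"]
print("\n".join(lint(GLOBAL, HOST, ALLOW)))
```

The address check accepts only plain IPs and CIDR blocks, so any other entry format in csf_allow is reported as a finding.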

License

MIT

Contributors

Many! Please check out the contributors graph!

Author Information

For other roles and general tech information, please feel free to check out my blog.

csf-ansible-role's People

Contributors

bvansomeren, dledanseur, gitter-badger, gjedeer, jloh, ju5t, marek-knappe, rainbow-goblin
