보안 설정 Role 추가
@@ -1,3 +1,3 @@
|
|||||||
| 이름 | 아이피 | 상태 요약 | 상세 보기 |
|
| 이름 | 아이피 | 상태 요약 | 상세 보기 |
|
||||||
| --- | --- | --- | --- |
|
| --- | --- | --- | --- |
|
||||||
| cmoa-jaeger-master | 10.10.43.213 | 취약 | http://10.10.43.42:8080/cmoa-jaeger-master.10.10.43.213.txt |
|
| cmoa-jaeger-master | 10.10.43.213 | 양호 | http://10.10.43.42:8080/cmoa-jaeger-master.10.10.43.213.txt |
|
||||||
|
|||||||
@@ -25,22 +25,22 @@
|
|||||||
dest: "{{ playbook_dir }}/README.md"
|
dest: "{{ playbook_dir }}/README.md"
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
|
|
||||||
- name: git push
|
#- name: git push
|
||||||
shell: |
|
# shell: |
|
||||||
pwd
|
# pwd
|
||||||
ls -al
|
# ls -al
|
||||||
git config --global user.email "sa_8001@ex-em.com"
|
# git config --global user.email "sa_8001@ex-em.com"
|
||||||
git config --global user.name "ByeonJungHun"
|
# git config --global user.name "ByeonJungHun"
|
||||||
git clone https://{{ git_user }}:{{ git_key }}github.com/CloudMOA/dsk-iac.git ~/dsk-iac
|
# git clone https://{{ git_user }}:{{ git_key }}github.com/CloudMOA/dsk-iac.git ~/dsk-iac
|
||||||
cp ./README.md ~/dsk-iac/ansible/security_check/README.md
|
# cp ./README.md ~/dsk-iac/ansible/security_check/README.md
|
||||||
cd ~/dsk-iac
|
# cd ~/dsk-iac
|
||||||
cat README.md
|
# cat README.md
|
||||||
pwd
|
# pwd
|
||||||
ls -al
|
# ls -al
|
||||||
git add .
|
# git add .
|
||||||
git commit -m "검사 결과 업데이트"
|
# git commit -m "검사 결과 업데이트"
|
||||||
git push
|
# git push
|
||||||
delegate_to: 127.0.0.1
|
# delegate_to: 127.0.0.1
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
msg: "결과 확인 : https://github.com/CloudMOA/dsk-iac/tree/main/ansible/security_check"
|
msg: "결과 확인 : https://github.com/CloudMOA/dsk-iac/tree/main/ansible/security_check"
|
||||||
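Review bot: The whole `git push` task is left in the playbook as commented-out text rather than removed or gated with a `when:`; if it is meant to come back, note that the clone URL `https://{{ git_user }}:{{ git_key }}github.com/...` is missing the `@` before `github.com` and would never resolve. More importantly, putting `{{ git_key }}` in the clone URL writes the token into `~/dsk-iac/.git/config` on the controller and echoes it in the task's command and in Ansible's output, so a re-enabled version should pass the credential via a credential helper or the environment and carry `no_log: true`. The `git config --global` lines also mutate the controller's global git identity, which is a side effect beyond this role. I would drop the dead block and keep the `debug` task that points at the results URL.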
@@ -1,4 +1,5 @@
|
|||||||
[all]
|
[all]
|
||||||
|
10.10.43.43 ansible_port=2222 ansible_user=dev2
|
||||||
10.10.43.100 ansible_port=2222 ansible_user=dev2
|
10.10.43.100 ansible_port=2222 ansible_user=dev2
|
||||||
10.10.43.101 ansible_port=2222 ansible_user=dev2
|
10.10.43.101 ansible_port=2222 ansible_user=dev2
|
||||||
10.10.43.105 ansible_port=2222 ansible_user=dev2
|
10.10.43.105 ansible_port=2222 ansible_user=dev2
|
||||||
|
|||||||
@@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
- name: search non-existent device
|
||||||
|
shell: find /dev -type f -exec ls -l {} \; | awk '{print $NF}'
|
||||||
|
register: search_result
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
msg: "발견된 존재하지 않는 디바이스 {{ search_result.stdout_lines }}"
|
||||||
|
|
||||||
|
- name: delete non-existent device
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
with_items: "{{ search_result.stdout_lines }}"
|
||||||
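Review bot: `find /dev -type f -exec ls -l {} \; | awk '{print $NF}'` hands only the last whitespace-separated field of the `ls -l` output to the delete loop, so a path containing a space is truncated and the `file: state: absent` task removes the wrong name; `find` can print the path itself with `-print`. Every regular file under `/dev` is then deleted, which includes `/dev/shm`, where running services keep legitimate POSIX shared-memory files, so that subtree should be pruned before the deletion is trusted. The search task also reports `changed` on every run because it is a bare `shell`; add `changed_when: false`, and `loop` is the current spelling of `with_items`.
```yaml
- name: search non-existent device
  # /dev/shm holds live POSIX shared-memory files owned by running services; skip it
  shell: find /dev -path /dev/shm -prune -o -type f -print
  register: search_result
  changed_when: false

# … unchanged: debug task …

- name: delete non-existent device
  file:
    path: "{{ item }}"
    state: absent
  loop: "{{ search_result.stdout_lines }}"
```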
@@ -40,3 +40,20 @@
|
|||||||
- /etc/cron.weekly/man-db
|
- /etc/cron.weekly/man-db
|
||||||
- /etc/cron.weekly/update-notifier-common
|
- /etc/cron.weekly/update-notifier-common
|
||||||
- /etc/cron.monthly/.placeholder
|
- /etc/cron.monthly/.placeholder
|
||||||
|
|
||||||
|
- name: cron file owner change
|
||||||
|
file:
|
||||||
|
path: /var/spool/cron/atjobs/.SEQ
|
||||||
|
owner: root
|
||||||
|
|
||||||
|
- name: at mode change
|
||||||
|
file:
|
||||||
|
path: /usr/bin/at
|
||||||
|
mode: 640
|
||||||
|
|
||||||
|
- name: create at.allow file
|
||||||
|
file:
|
||||||
|
path: /etc/at.allow
|
||||||
|
state: touch
|
||||||
|
mode: 0640
|
||||||
|
owner: root
|
||||||
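Review bot: `mode: 640` on the `at mode change` task is a plain YAML integer (decimal 640, which Ansible applies as octal 1200), not the octal 640 the surrounding tasks intend; the file module needs a leading zero or a quoted string, so write `mode: "0640"`, and for consistency quote the `mode: 0640` on the at.allow task a few lines below as well. The `cron file owner change` task relies on the file module's default `state: file`, which fails the play when `/var/spool/cron/atjobs/.SEQ` does not exist on a host; if the file is optional, gate the task on a preceding `stat` result. `state: touch` on `/etc/at.allow` also reports `changed` on every run because it bumps the timestamps; `modification_time: preserve` and `access_time: preserve` make it idempotent.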
@@ -6,3 +6,24 @@
|
|||||||
mode: 0755
|
mode: 0755
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
|
- name: Setting Sysinfo
|
||||||
|
template:
|
||||||
|
src: sysinfo.j2
|
||||||
|
dest: /usr/share/landscape/landscape-sysinfo.wrapper
|
||||||
|
mode: 0755
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
- name: Delete ETC file
|
||||||
|
file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
with_items:
|
||||||
|
- /etc/update-motd.d/10-help-text
|
||||||
|
- /etc/update-motd.d/50-motd-news
|
||||||
|
- /etc/update-motd.d/85-fwupd
|
||||||
|
- /etc/update-motd.d/90-updates-available
|
||||||
|
- /etc/update-motd.d/91-release-upgrade
|
||||||
|
- /etc/update-motd.d/95-hwe-eol
|
||||||
|
- /etc/update-motd.d/98-fsck-at-reboot
|
||||||
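Review bot: The `Delete ETC file` task removes the stock `/etc/update-motd.d/*` scripts and the `Setting Sysinfo` task overwrites `/usr/share/landscape/landscape-sysinfo.wrapper`; both look like package-owned paths, so a later package upgrade may restore them and silently undo this hardening — worth a comment such as `# package-owned files: re-run this role after upgrades of base-files/landscape-common` (confirm the owning packages on the target image). The task name `Delete ETC file` does not say what is being deleted; `Remove default update-motd.d scripts` would. `with_items` can become `loop`, and the three `mode: 0755` values are safest quoted as `"0755"` so a YAML 1.2 parser cannot read them as decimal.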
@@ -1,12 +1,19 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
|
# SSH 접속 시 Banner 설정
|
||||||
- include: debian_setting_banner.yml
|
- include: debian_setting_banner.yml
|
||||||
when: ansible_facts.os_family == 'Debian'
|
when: ansible_facts.os_family == 'Debian'
|
||||||
|
|
||||||
|
# root 사용자를 사용한 ssh 접속 비활성화
|
||||||
- include: all_setting_root_ssh.yml
|
- include: all_setting_root_ssh.yml
|
||||||
|
|
||||||
|
# 패스워드 정책 설정
|
||||||
- include: debian_setting_password_rule.yml
|
- include: debian_setting_password_rule.yml
|
||||||
when: ansible_facts.os_family == 'Debian'
|
when: ansible_facts.os_family == 'Debian'
|
||||||
|
|
||||||
#- include: all_setting_mode_change.yml
|
# 일부 파일 권한 설정
|
||||||
# crontab 관련 설정 작성중 U_22 항목
|
- include: all_setting_mode_change.yml
|
||||||
# 대부분 설정은 하였으나 '/var/spool/cron/atjobs/.SEQ' 파일에 대해서 소유자를 root로 변경해야하는데 해도 상관 없는지 확인중
|
# 대부분 설정은 하였으나 '/var/spool/cron/atjobs/.SEQ' 파일에 대해서 소유자를 root로 변경해야하는데 해도 상관 없는지 확인중
|
||||||
|
|
||||||
|
# /dev 경로의 불필요 디바이스 검색 및 제거
|
||||||
|
- include: all_setting_device_organize.yml
|
||||||
|
|||||||
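Review bot: The comment kept right under the newly enabled `- include: all_setting_mode_change.yml` still says the owner change of `/var/spool/cron/atjobs/.SEQ` is under review ("확인중"), yet the included playbook now performs that change unconditionally, so the comment contradicts the live code; either resolve the question or turn it into an explicit marker, e.g. `# TODO: confirm that chowning /var/spool/cron/atjobs/.SEQ to root does not break atd before rolling out` and drop the rest. Separately, every entry in this file uses `include`, which has been deprecated since Ansible 2.4 and is removed in recent ansible-core releases; `import_tasks` (static, fine with the `when:` conditions shown here) is the drop-in replacement. The per-item comments added in this hunk are helpful; keep them above the task they describe, as here.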
@@ -1,13 +1,13 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
echo "-------------------------------------------------------------------------------\n"
|
echo "-------------------------------------------------------------------------------\n"
|
||||||
echo " _╓g@DDKg╓_ \033[0;31m=╗╗╗╗,\033[0;0m \033[0;34m,╗╗╗╗╤\033[0;0m ,╔╗DDKg╔_ ╓g@DD╗╔_ ╓g@DD╗╔_"
|
echo " _╓g@DDKg╓_ \033[0;31m=╗╗╗╗,\033[0;0m \033[0;34m,╗╗╗╗╤\033[0;0m ,╔╗DDKg╔_ ╓g@DD╗╔_ ╓g@DD╗╔_"
|
||||||
echo " ╓D╝╙\` \`╠╠H \033[0;31m╙╠╠╠╠▒\033[0;0m \033[0;34mÆ╬╬╬╬╩\033[0;0m _j╠╙\` 1╠R j╠R^ \`╙╠▒,j╠R^ \`╙╠▒,"
|
echo " ╓D╝╙\` \`╠╠H \033[0;31m╙╠╠╠╠▒\033[0;0m \033[0;34mÆ╬╬╬╬╩\033[0;0m _j╠╙\` 1╠R j╠R^ \`╙╠▒,j╠R^ \`╙╠▒,"
|
||||||
echo " 1╠^ ,╠╝ \033[0;31m╝╠R\033[0;0m \033[0;34m╓▓╬╬╬╝\033[0;0m j╠H 1╠^ ╠╠ ╚╠H ╚╠H"
|
echo " 1╠^ ,╠╝ \033[0;31m╝╠R\033[0;0m \033[0;34m╓▓╬╬╬╝\033[0;0m j╠H 1╠^ ╠╠ ╚╠H ╚╠H"
|
||||||
echo "j╠⌐ j╠Γ \033[0;31m'\033[0;0m \033[0;34mÆ╬╬╬╬╙\033[0;0m ╠H ╔╠R ╠╠ ╠╠ ╠╠"
|
echo "j╠⌐ j╠Γ \033[0;31m'\033[0;0m \033[0;34mÆ╬╬╬╬╙\033[0;0m ╠H ╔╠R ╠╠ ╠╠ ╠╠"
|
||||||
echo "╠╠ ╒╠R \033[0;34m╔╣╬╬╬\033[0;33m╬▒\033[0;0m j╠H _D╝\` ╠╠ ╠╠ ╠╠"
|
echo "╠╠ ╒╠R \033[0;34m╔╣╬╬╬\033[0;33m╬▒\033[0;0m j╠H _D╝\` ╠╠ ╠╠ ╠╠"
|
||||||
echo "'╠H 1╠^ .. \033[0;34m,╣╬╬╬╣\033[0;33m╬╣╣▓┐\033[0;0m ╠D ╔╚╙ ╔_ ╠╠ ╠╠ ╠╠"
|
echo "'╠H 1╠^ .. \033[0;34m,╣╬╬╬╣\033[0;33m╬╣╣▓┐\033[0;0m ╠D ╔╚╙ ╔_ ╠╠ ╠╠ ╠╠"
|
||||||
echo " '╠▒╓░╙ _╔╔^ \033[0;34m¢╬╬╬╬╩\033[0;33m ╚╣╣╣╣▌\033[0;0m ╚▒╓░╙ ╔░H ╠╠ ╠╠ ╠╠"
|
echo " '╠▒╓░╙ _╔╔^ \033[0;34m¢╬╬╬╬╩\033[0;33m ╚╣╣╣╣▌\033[0;0m ╚▒╓░╙ ╔░H ╠╠ ╠╠ ╠╠"
|
||||||
echo " ⁿ╚╠K≥╔╔╔1▒╝^ \033[0;34m╒▓╬╬╬╩^\033[0;33m \`╣╣╣╣▓╕\033[0;0m \`╚╠▒g╔╔╔gD╝╙ ╠╠ ╠╠ ╠╠\n"
|
echo " ⁿ╚╠K≥╔╔╔1▒╝^ \033[0;34m╒▓╬╬╬╩^\033[0;33m \`╣╣╣╣▓╕\033[0;0m \`╚╠▒g╔╔╔gD╝╙ ╠╠ ╠╠ ╠╠\n"
|
||||||
echo "-------------------------------------------------------------------------------"
|
echo "-------------------------------------------------------------------------------"
|
||||||
echo ""
|
echo ""
|
||||||
echo " - 알 림 - "
|
echo " - 알 림 - "
|
||||||
|
|||||||
@@ -0,0 +1,19 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
# pam_motd does not carry the environment
|
||||||
|
[ -f /etc/default/locale ] && . /etc/default/locale
|
||||||
|
export LANG
|
||||||
|
cores=$(grep -c ^processor /proc/cpuinfo 2>/dev/null)
|
||||||
|
[ "$cores" -eq "0" ] && cores=1
|
||||||
|
threshold="${cores:-1}.0"
|
||||||
|
if [ $(echo "`cut -f1 -d ' ' /proc/loadavg` < $threshold" | bc) -eq 1 ]; then
|
||||||
|
echo
|
||||||
|
echo -n " System information as of "
|
||||||
|
/bin/date
|
||||||
|
echo
|
||||||
|
/usr/bin/landscape-sysinfo
|
||||||
|
else
|
||||||
|
echo
|
||||||
|
echo " System information disabled due to load higher than $threshold"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo ""
|
||||||
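Review bot: `if [ $(echo "... < $threshold" | bc) -eq 1 ]; then` leaves the command substitution unquoted and depends on `bc`, which nothing in this hunk installs on the target; if `bc` is missing the substitution expands to nothing and `[ -eq 1 ]` prints a test error at every login instead of a sysinfo line. Since `/proc/loadavg` is already being read, the comparison can be done without `bc`: `if awk -v t="$threshold" '{ exit !($1 < t) }' /proc/loadavg; then`. The earlier `[ "$cores" -eq "0" ]` has the same empty-value problem when `grep` fails; `[ "${cores:-0}" -eq 0 ]` keeps it quiet. Note this file is rendered by the `template` module, so any literal `{{` or `{%` added to the echoed text later will be interpreted by Jinja rather than printed.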
@@ -1,27 +1,2 @@
|
|||||||
[all]
|
[all]
|
||||||
#10.10.43.195 ansible_user=dev2-iac ansible_port=2222
|
10.10.43.213 ansible_user=dev2 ansible_port=2222
|
||||||
#10.10.43.196 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.197 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.201 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.202 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.203 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.204 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.205 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.206 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.207 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.208 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.211 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.212 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
10.10.43.213 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.214 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.215 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.216 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.217 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.218 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.224 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.225 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.226 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.227 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.228 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.235 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
#10.10.43.236 ansible_user=dev2-iac ansible_port=2222
|
|
||||||
|
|||||||
@@ -11,10 +11,10 @@
|
|||||||
10.10.43.106 ansible_port=2222 ansible_user=dev2
|
10.10.43.106 ansible_port=2222 ansible_user=dev2
|
||||||
|
|
||||||
[saas_mgmt_master]
|
[saas_mgmt_master]
|
||||||
10.10.43.240 ansible_port=2222 ansible_user=dev2
|
10.10.43.240 ansible_port=2222 ansible_user=dev2-iac
|
||||||
|
|
||||||
[saas_mgmt_node]
|
[saas_mgmt_node]
|
||||||
10.10.43.[241:243] ansible_port=2222 ansible_user=dev2
|
10.10.43.[241:243] ansible_port=2222 ansible_user=dev2-iac
|
||||||
|
|
||||||
[dsk_dev_master]
|
[dsk_dev_master]
|
||||||
10.10.43.[111:113] ansible_port=2222 ansible_user=dev2
|
10.10.43.[111:113] ansible_port=2222 ansible_user=dev2
|
||||||
|
|||||||
@@ -1,31 +1,2 @@
|
|||||||
[all]
|
[all]
|
||||||
#10.10.43.195 ansible_user=dev2 ansible_port=2222
|
10.10.43.43 ansible_port=2222 ansible_user=dev2
|
||||||
#10.10.43.196 ansible_user=dev2 ansible_port=2222
|
|
||||||
#10.10.43.197 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.200 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.201 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.202 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.203 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.204 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.205 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.206 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.207 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.208 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.210 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.211 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.212 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.213 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.214 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.215 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.216 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.217 ansible_user=dev2 ansible_port=2222
|
|
||||||
10.10.43.218 ansible_user=dev2 ansible_port=2222
|
|
||||||
#10.10.43.224 ansible_user=dev2 ansible_port=2222
|
|
||||||
#10.10.43.225 ansible_user=dev2 ansible_port=2222
|
|
||||||
#10.10.43.226 ansible_user=dev2 ansible_port=2222
|
|
||||||
#10.10.43.227 ansible_user=dev2 ansible_port=2222
|
|
||||||
#10.10.43.228 ansible_user=dev2 ansible_port=2222
|
|
||||||
#10.10.43.230 ansible_user=dev2 ansible_port=2222
|
|
||||||
#10.10.43.235 ansible_user=dev2 ansible_port=2222
|
|
||||||
#10.10.43.236 ansible_user=dev2 ansible_port=2222
|
|
||||||
#10.10.43.252 ansible_user=dev2 ansible_port=2222
|
|
||||||
|
|||||||