검사 결과 업데이트

2024-01-09 14:31:29 +09:00
parent aafca9fe68
commit 505fec4a05
7 changed files with 221 additions and 274 deletions
--- a/ansible/security_check/README.md
+++ b/ansible/security_check/README.md
@@ -1,78 +1,10 @@
 | 이름 | 아이피 | 상태 요약 | 상세 보기 |
 | --- | --- | --- | --- |
-| cmoa-jaeger-master | 10.10.43.203 | 취약 | http://10.10.43.42:8080/cmoa-jaeger-master.10.10.43.203.txt |
-| cmoa-jaeger-master | 10.10.43.213 | 취약 | http://10.10.43.42:8080/cmoa-jaeger-master.10.10.43.213.txt |
-| cmoa-jaeger-worker1 | 10.10.43.204 | 취약 | http://10.10.43.42:8080/cmoa-jaeger-worker1.10.10.43.204.txt |
-| cmoa-jaeger-worker1 | 10.10.43.214 | 취약 | http://10.10.43.42:8080/cmoa-jaeger-worker1.10.10.43.214.txt |
-| cmoa-jaeger-worker2-crio | 10.10.43.205 | 취약 | http://10.10.43.42:8080/cmoa-jaeger-worker2-crio.10.10.43.205.txt |
-| cmoa-jaeger-worker2 | 10.10.43.215 | 취약 | http://10.10.43.42:8080/cmoa-jaeger-worker2.10.10.43.215.txt |
-| cmoa-jspd-master | 10.10.43.206 | 취약 | http://10.10.43.42:8080/cmoa-jspd-master.10.10.43.206.txt |
-| cmoa-jspd-master | 10.10.43.216 | 취약 | http://10.10.43.42:8080/cmoa-jspd-master.10.10.43.216.txt |
-| cmoa-jspd-worker1 | 10.10.43.207 | 취약 | http://10.10.43.42:8080/cmoa-jspd-worker1.10.10.43.207.txt |
-| cmoa-jspd-worker1 | 10.10.43.217 | 취약 | http://10.10.43.42:8080/cmoa-jspd-worker1.10.10.43.217.txt |
-| cmoa-jspd-worker2 | 10.10.43.208 | 취약 | http://10.10.43.42:8080/cmoa-jspd-worker2.10.10.43.208.txt |
-| cmoa-jspd-worker2 | 10.10.43.218 | 취약 | http://10.10.43.42:8080/cmoa-jspd-worker2.10.10.43.218.txt |
-| cmoa-master-1 | 10.10.43.200 | 취약 | http://10.10.43.42:8080/cmoa-master-1.10.10.43.200.txt |
-| cmoa-master-2 | 10.10.43.210 | 취약 | http://10.10.43.42:8080/cmoa-master-2.10.10.43.210.txt |
-| cmoa-worker1-1 | 10.10.43.201 | 취약 | http://10.10.43.42:8080/cmoa-worker1-1.10.10.43.201.txt |
-| cmoa-worker1-2 | 10.10.43.211 | 취약 | http://10.10.43.42:8080/cmoa-worker1-2.10.10.43.211.txt |
-| cmoa-worker2-1 | 10.10.43.202 | 취약 | http://10.10.43.42:8080/cmoa-worker2-1.10.10.43.202.txt |
-| cmoa-worker2-2 | 10.10.43.212 | 취약 | http://10.10.43.42:8080/cmoa-worker2-2.10.10.43.212.txt |
-| cmoamgmtmaster | 10.10.43.227 | 취약 | http://10.10.43.42:8080/cmoamgmtmaster.10.10.43.227.txt |
-| cmoamgmtworker | 10.10.43.228 | 취약 | http://10.10.43.42:8080/cmoamgmtworker.10.10.43.228.txt |
-| docker | 10.10.43.180 | 취약 | http://10.10.43.42:8080/docker.10.10.43.180.txt |
-| dsk-dev-data-common-a1 | 10.10.43.133 | 취약 | http://10.10.43.42:8080/dsk-dev-data-common-a1.10.10.43.133.txt |
-| dsk-dev-data-common-b1 | 10.10.43.134 | 취약 | http://10.10.43.42:8080/dsk-dev-data-common-b1.10.10.43.134.txt |
-| dsk-dev-data-common-c1 | 10.10.43.135 | 취약 | http://10.10.43.42:8080/dsk-dev-data-common-c1.10.10.43.135.txt |
-| dsk-dev-data-druid-a1 | 10.10.43.114 | 취약 | http://10.10.43.42:8080/dsk-dev-data-druid-a1.10.10.43.114.txt |
-| dsk-dev-data-druid-a3 | 10.10.43.139 | 취약 | http://10.10.43.42:8080/dsk-dev-data-druid-a3.10.10.43.139.txt |
-| dsk-dev-data-druid-b1 | 10.10.43.115 | 취약 | http://10.10.43.42:8080/dsk-dev-data-druid-b1.10.10.43.115.txt |
-| dsk-dev-data-druid-c2 | 10.10.43.138 | 취약 | http://10.10.43.42:8080/dsk-dev-data-druid-c2.10.10.43.138.txt |
-| dsk-dev-data-druid-n1 | 10.10.43.117 | 취약 | http://10.10.43.42:8080/dsk-dev-data-druid-n1.10.10.43.117.txt |
-| dsk-dev-data-druid-n2 | 10.10.43.118 | 취약 | http://10.10.43.42:8080/dsk-dev-data-druid-n2.10.10.43.118.txt |
-| dsk-dev-data-druid-n3 | 10.10.43.119 | 취약 | http://10.10.43.42:8080/dsk-dev-data-druid-n3.10.10.43.119.txt |
-| dsk-dev-data-druid-small | 10.10.43.147 | 취약 | http://10.10.43.42:8080/dsk-dev-data-druid-small.10.10.43.147.txt |
-| dsk-dev-data-kafka-a1 | 10.10.43.120 | 취약 | http://10.10.43.42:8080/dsk-dev-data-kafka-a1.10.10.43.120.txt |
-| dsk-dev-data-kafka-b1 | 10.10.43.121 | 취약 | http://10.10.43.42:8080/dsk-dev-data-kafka-b1.10.10.43.121.txt |
-| dsk-dev-data-kafka-c1 | 10.10.43.122 | 취약 | http://10.10.43.42:8080/dsk-dev-data-kafka-c1.10.10.43.122.txt |
-| dsk-dev-data-kafka-n1 | 10.10.43.148 | 취약 | http://10.10.43.42:8080/dsk-dev-data-kafka-n1.10.10.43.148.txt |
-| dsk-dev-demo-master | 10.10.43.105 | 취약 | http://10.10.43.42:8080/dsk-dev-demo-master.10.10.43.105.txt |
-| dsk-dev-demo-worker | 10.10.43.106 | 취약 | http://10.10.43.42:8080/dsk-dev-demo-worker.10.10.43.106.txt |
-| dsk-dev-master-a1 | 10.10.43.111 | 취약 | http://10.10.43.42:8080/dsk-dev-master-a1.10.10.43.111.txt |
-| dsk-dev-master-b1 | 10.10.43.112 | 취약 | http://10.10.43.42:8080/dsk-dev-master-b1.10.10.43.112.txt |
-| dsk-dev-master-c1 | 10.10.43.113 | 취약 | http://10.10.43.42:8080/dsk-dev-master-c1.10.10.43.113.txt |
-| dsk-dev-process-a1 | 10.10.43.123 | 취약 | http://10.10.43.42:8080/dsk-dev-process-a1.10.10.43.123.txt |
-| dsk-dev-process-a2 | 10.10.43.126 | 취약 | http://10.10.43.42:8080/dsk-dev-process-a2.10.10.43.126.txt |
-| dsk-dev-process-a3 | 10.10.43.129 | 취약 | http://10.10.43.42:8080/dsk-dev-process-a3.10.10.43.129.txt |
-| dsk-dev-process-a4 | 10.10.43.116 | 취약 | http://10.10.43.42:8080/dsk-dev-process-a4.10.10.43.116.txt |
-| dsk-dev-process-b1 | 10.10.43.124 | 취약 | http://10.10.43.42:8080/dsk-dev-process-b1.10.10.43.124.txt |
-| dsk-dev-process-b2 | 10.10.43.127 | 취약 | http://10.10.43.42:8080/dsk-dev-process-b2.10.10.43.127.txt |
-| dsk-dev-process-b3 | 10.10.43.130 | 취약 | http://10.10.43.42:8080/dsk-dev-process-b3.10.10.43.130.txt |
-| dsk-dev-process-b4 | 10.10.43.136 | 취약 | http://10.10.43.42:8080/dsk-dev-process-b4.10.10.43.136.txt |
-| dsk-dev-process-c1 | 10.10.43.125 | 취약 | http://10.10.43.42:8080/dsk-dev-process-c1.10.10.43.125.txt |
-| dsk-dev-process-c2 | 10.10.43.128 | 취약 | http://10.10.43.42:8080/dsk-dev-process-c2.10.10.43.128.txt |
-| dsk-dev-process-c3 | 10.10.43.131 | 취약 | http://10.10.43.42:8080/dsk-dev-process-c3.10.10.43.131.txt |
-| dsk-dev-process-c4 | 10.10.43.137 | 취약 | http://10.10.43.42:8080/dsk-dev-process-c4.10.10.43.137.txt |
-| dsk-dev-prometheus | 10.10.43.142 | 취약 | http://10.10.43.42:8080/dsk-dev-prometheus.10.10.43.142.txt |
-| dsk-dev-temp-a1 | 10.10.43.132 | 취약 | http://10.10.43.42:8080/dsk-dev-temp-a1.10.10.43.132.txt |
-| dsk-dev-temp-b1 | 10.10.43.140 | 취약 | http://10.10.43.42:8080/dsk-dev-temp-b1.10.10.43.140.txt |
-| dsk-dev-temp-c1 | 10.10.43.141 | 취약 | http://10.10.43.42:8080/dsk-dev-temp-c1.10.10.43.141.txt |
-| dsk-minio-master1 | 10.10.43.235 | 취약 | http://10.10.43.42:8080/dsk-minio-master1.10.10.43.235.txt |
-| dsk-minio-worker1 | 10.10.43.236 | 취약 | http://10.10.43.42:8080/dsk-minio-worker1.10.10.43.236.txt |
-| infra-master | 10.10.43.224 | 취약 | http://10.10.43.42:8080/infra-master.10.10.43.224.txt |
-| infra-worker001 | 10.10.43.225 | 취약 | http://10.10.43.42:8080/infra-worker001.10.10.43.225.txt |
-| infra-worker002 | 10.10.43.226 | 취약 | http://10.10.43.42:8080/infra-worker002.10.10.43.226.txt |
-| kafka-multi-0 | 10.10.43.151 | 취약 | http://10.10.43.42:8080/kafka-multi-0.10.10.43.151.txt |
-| kafka-multi-1 | 10.10.43.152 | 취약 | http://10.10.43.42:8080/kafka-multi-1.10.10.43.152.txt |
-| kafka-multi-2 | 10.10.43.153 | 취약 | http://10.10.43.42:8080/kafka-multi-2.10.10.43.153.txt |
-| opensearch-data-0 | 10.10.43.144 | 취약 | http://10.10.43.42:8080/opensearch-data-0.10.10.43.144.txt |
-| opensearch-data-1 | 10.10.43.145 | 취약 | http://10.10.43.42:8080/opensearch-data-1.10.10.43.145.txt |
-| opensearch-master-0 | 10.10.43.143 | 취약 | http://10.10.43.42:8080/opensearch-master-0.10.10.43.143.txt |
-| opensearch-search-0 | 10.10.43.146 | 취약 | http://10.10.43.42:8080/opensearch-search-0.10.10.43.146.txt |
-| release-master | 10.10.43.100 | 취약 | http://10.10.43.42:8080/release-master.10.10.43.100.txt |
-| releaseworker | 10.10.43.101 | 취약 | http://10.10.43.42:8080/releaseworker.10.10.43.101.txt |
-| ubuntu-18-04 | 10.10.43.164 | 취약 | http://10.10.43.42:8080/ubuntu-18-04.10.10.43.164.txt |
-| ubuntu-20-04 | 10.10.43.165 | 취약 | http://10.10.43.42:8080/ubuntu-20-04.10.10.43.165.txt |
-| ubuntu-22-04 | 10.10.43.166 | 취약 | http://10.10.43.42:8080/ubuntu-22-04.10.10.43.166.txt |
-| ubuntu2004 | 10.10.43.181 | 취약 | http://10.10.43.42:8080/ubuntu2004.10.10.43.181.txt |
-| ubuntu2204 | 10.10.43.182 | 취약 | http://10.10.43.42:8080/ubuntu2204.10.10.43.182.txt |
+| amazon-2023 | 10.10.43.175 | 취약 | http://10.10.43.42:8080/amazon-2023.10.10.43.175.txt |
+| centos-7 | 10.10.43.167 | 취약 | http://10.10.43.42:8080/centos-7.10.10.43.167.txt |
+| centos-8 | 10.10.43.168 | 취약 | http://10.10.43.42:8080/centos-8.10.10.43.168.txt |
+| centos-9 | 10.10.43.169 | 취약 | http://10.10.43.42:8080/centos-9.10.10.43.169.txt |
+| db-env | 10.10.43.176 | 취약 | http://10.10.43.42:8080/db-env.10.10.43.176.txt |
+| debian-12 | 10.10.43.173 | 취약 | http://10.10.43.42:8080/debian-12.10.10.43.173.txt |
+| openshift-4-13 | 10.10.43.171 | 취약 | http://10.10.43.42:8080/openshift-4-13.10.10.43.171.txt |
+| oracle-linux-9 | 10.10.43.174 | 취약 | http://10.10.43.42:8080/oracle-linux-9.10.10.43.174.txt |
--- a/ansible/security_check/checklist
+++ b/ansible/security_check/checklist
@@ -3,54 +3,54 @@ server
 nas

 [server]
-10.10.43.100 ansible_port=2222 ansible_user=dev2 
-10.10.43.101 ansible_port=2222 ansible_user=dev2
-10.10.43.105 ansible_port=2222 ansible_user=dev2
-10.10.43.106 ansible_port=2222 ansible_user=dev2
-10.10.43.111 ansible_port=2222 ansible_user=dev2
-10.10.43.112 ansible_port=2222 ansible_user=dev2
-10.10.43.113 ansible_port=2222 ansible_user=dev2
-10.10.43.114 ansible_port=2222 ansible_user=dev2
-10.10.43.115 ansible_port=2222 ansible_user=dev2
-10.10.43.116 ansible_port=2222 ansible_user=dev2
-10.10.43.117 ansible_port=2222 ansible_user=dev2
-10.10.43.118 ansible_port=2222 ansible_user=dev2
-10.10.43.119 ansible_port=2222 ansible_user=dev2
-10.10.43.120 ansible_port=2222 ansible_user=dev2
-10.10.43.121 ansible_port=2222 ansible_user=dev2
-10.10.43.122 ansible_port=2222 ansible_user=dev2
-10.10.43.123 ansible_port=2222 ansible_user=dev2
-10.10.43.124 ansible_port=2222 ansible_user=dev2
-10.10.43.125 ansible_port=2222 ansible_user=dev2
-10.10.43.126 ansible_port=2222 ansible_user=dev2
-10.10.43.127 ansible_port=2222 ansible_user=dev2
-10.10.43.128 ansible_port=2222 ansible_user=dev2
-10.10.43.129 ansible_port=2222 ansible_user=dev2
-10.10.43.130 ansible_port=2222 ansible_user=dev2
-10.10.43.131 ansible_port=2222 ansible_user=dev2
-10.10.43.132 ansible_port=2222 ansible_user=dev2
-10.10.43.133 ansible_port=2222 ansible_user=dev2
-10.10.43.134 ansible_port=2222 ansible_user=dev2
-10.10.43.135 ansible_port=2222 ansible_user=dev2
-10.10.43.136 ansible_port=2222 ansible_user=dev2
-10.10.43.137 ansible_port=2222 ansible_user=dev2
-10.10.43.138 ansible_port=2222 ansible_user=dev2
-10.10.43.139 ansible_port=2222 ansible_user=dev2
-10.10.43.140 ansible_port=2222 ansible_user=dev2
-10.10.43.141 ansible_port=2222 ansible_user=dev2
-10.10.43.142 ansible_port=2222 ansible_user=dev2
-10.10.43.143 ansible_port=2222 ansible_user=dev2
-10.10.43.144 ansible_port=2222 ansible_user=dev2
-10.10.43.145 ansible_port=2222 ansible_user=dev2
-10.10.43.146 ansible_port=2222 ansible_user=dev2
-10.10.43.147 ansible_port=2222 ansible_user=dev2
-10.10.43.148 ansible_port=2222 ansible_user=dev2
-10.10.43.151 ansible_port=2222 ansible_user=dev2
-10.10.43.152 ansible_port=2222 ansible_user=dev2
-10.10.43.153 ansible_port=2222 ansible_user=dev2
-10.10.43.164 ansible_port=2222 ansible_user=dev2
-10.10.43.165 ansible_port=2222 ansible_user=dev2
-10.10.43.166 ansible_port=2222 ansible_user=dev2
+#10.10.43.100 ansible_port=2222 ansible_user=dev2 
+#10.10.43.101 ansible_port=2222 ansible_user=dev2
+#10.10.43.105 ansible_port=2222 ansible_user=dev2
+#10.10.43.106 ansible_port=2222 ansible_user=dev2
+#10.10.43.111 ansible_port=2222 ansible_user=dev2
+#10.10.43.112 ansible_port=2222 ansible_user=dev2
+#10.10.43.113 ansible_port=2222 ansible_user=dev2
+#10.10.43.114 ansible_port=2222 ansible_user=dev2
+#10.10.43.115 ansible_port=2222 ansible_user=dev2
+#10.10.43.116 ansible_port=2222 ansible_user=dev2
+#10.10.43.117 ansible_port=2222 ansible_user=dev2
+#10.10.43.118 ansible_port=2222 ansible_user=dev2
+#10.10.43.119 ansible_port=2222 ansible_user=dev2
+#10.10.43.120 ansible_port=2222 ansible_user=dev2
+#10.10.43.121 ansible_port=2222 ansible_user=dev2
+#10.10.43.122 ansible_port=2222 ansible_user=dev2
+#10.10.43.123 ansible_port=2222 ansible_user=dev2
+#10.10.43.124 ansible_port=2222 ansible_user=dev2
+#10.10.43.125 ansible_port=2222 ansible_user=dev2
+#10.10.43.126 ansible_port=2222 ansible_user=dev2
+#10.10.43.127 ansible_port=2222 ansible_user=dev2
+#10.10.43.128 ansible_port=2222 ansible_user=dev2
+#10.10.43.129 ansible_port=2222 ansible_user=dev2
+#10.10.43.130 ansible_port=2222 ansible_user=dev2
+#10.10.43.131 ansible_port=2222 ansible_user=dev2
+#10.10.43.132 ansible_port=2222 ansible_user=dev2
+#10.10.43.133 ansible_port=2222 ansible_user=dev2
+#10.10.43.134 ansible_port=2222 ansible_user=dev2
+#10.10.43.135 ansible_port=2222 ansible_user=dev2
+#10.10.43.136 ansible_port=2222 ansible_user=dev2
+#10.10.43.137 ansible_port=2222 ansible_user=dev2
+#10.10.43.138 ansible_port=2222 ansible_user=dev2
+#10.10.43.139 ansible_port=2222 ansible_user=dev2
+#10.10.43.140 ansible_port=2222 ansible_user=dev2
+#10.10.43.141 ansible_port=2222 ansible_user=dev2
+#10.10.43.142 ansible_port=2222 ansible_user=dev2
+#10.10.43.143 ansible_port=2222 ansible_user=dev2
+#10.10.43.144 ansible_port=2222 ansible_user=dev2
+#10.10.43.145 ansible_port=2222 ansible_user=dev2
+#10.10.43.146 ansible_port=2222 ansible_user=dev2
+#10.10.43.147 ansible_port=2222 ansible_user=dev2
+#10.10.43.148 ansible_port=2222 ansible_user=dev2
+#10.10.43.151 ansible_port=2222 ansible_user=dev2
+#10.10.43.152 ansible_port=2222 ansible_user=dev2
+#10.10.43.153 ansible_port=2222 ansible_user=dev2
+#10.10.43.164 ansible_port=2222 ansible_user=dev2
+#10.10.43.165 ansible_port=2222 ansible_user=dev2
+#10.10.43.166 ansible_port=2222 ansible_user=dev2
 10.10.43.167 ansible_port=2222 ansible_user=dev2
 10.10.43.168 ansible_port=2222 ansible_user=dev2
 10.10.43.169 ansible_port=2222 ansible_user=dev2
@@ -60,51 +60,51 @@ nas
 10.10.43.174 ansible_port=2222 ansible_user=dev2
 10.10.43.175 ansible_port=2222 ansible_user=dev2
 10.10.43.176 ansible_port=2222 ansible_user=dev2
-10.10.43.177 ansible_port=2222 ansible_user=dev2
-10.10.43.178 ansible_port=2222 ansible_user=dev2
-10.10.43.179 ansible_port=2222 ansible_user=dev2
-10.10.43.180 ansible_port=2222 ansible_user=dev2
-10.10.43.181 ansible_port=2222 ansible_user=dev2
-10.10.43.182 ansible_port=2222 ansible_user=dev2
-10.10.43.185 ansible_port=2222 ansible_user=dev2
-10.10.43.186 ansible_port=2222 ansible_user=dev2
-10.10.43.187 ansible_port=2222 ansible_user=dev2
-10.10.43.188 ansible_port=2222 ansible_user=dev2
-10.10.43.189 ansible_port=2222 ansible_user=dev2
-10.10.43.190 ansible_port=2222 ansible_user=dev2
-10.10.43.191 ansible_port=2222 ansible_user=dev2
-10.10.43.192 ansible_port=2222 ansible_user=dev2
-10.10.43.193 ansible_port=2222 ansible_user=dev2
-10.10.43.194 ansible_port=2222 ansible_user=dev2
-10.10.43.199 ansible_port=2222 ansible_user=dev2
-10.10.43.195 ansible_port=2222 ansible_user=dev2
-10.10.43.196 ansible_port=2222 ansible_user=dev2
-10.10.43.197 ansible_port=2222 ansible_user=dev2
-10.10.43.200 ansible_port=2222 ansible_user=dev2
-10.10.43.201 ansible_port=2222 ansible_user=dev2
-10.10.43.202 ansible_port=2222 ansible_user=dev2
-10.10.43.203 ansible_port=2222 ansible_user=dev2
-10.10.43.204 ansible_port=2222 ansible_user=dev2
-10.10.43.205 ansible_port=2222 ansible_user=dev2
-10.10.43.206 ansible_port=2222 ansible_user=dev2
-10.10.43.207 ansible_port=2222 ansible_user=dev2
-10.10.43.208 ansible_port=2222 ansible_user=dev2
-10.10.43.210 ansible_port=2222 ansible_user=dev2
-10.10.43.211 ansible_port=2222 ansible_user=dev2
-10.10.43.212 ansible_port=2222 ansible_user=dev2
-10.10.43.213 ansible_port=2222 ansible_user=dev2
-10.10.43.214 ansible_port=2222 ansible_user=dev2
-10.10.43.215 ansible_port=2222 ansible_user=dev2
-10.10.43.216 ansible_port=2222 ansible_user=dev2
-10.10.43.217 ansible_port=2222 ansible_user=dev2
-10.10.43.218 ansible_port=2222 ansible_user=dev2
-10.10.43.224 ansible_port=2222 ansible_user=dev2
-10.10.43.225 ansible_port=2222 ansible_user=dev2
-10.10.43.226 ansible_port=2222 ansible_user=dev2
-10.10.43.227 ansible_port=2222 ansible_user=dev2
-10.10.43.228 ansible_port=2222 ansible_user=dev2
-10.10.43.235 ansible_port=2222 ansible_user=dev2
-10.10.43.236 ansible_port=2222 ansible_user=dev2
+#10.10.43.177 ansible_port=2222 ansible_user=dev2
+#10.10.43.178 ansible_port=2222 ansible_user=dev2
+#10.10.43.179 ansible_port=2222 ansible_user=dev2
+#10.10.43.180 ansible_port=2222 ansible_user=dev2
+#10.10.43.181 ansible_port=2222 ansible_user=dev2
+#10.10.43.182 ansible_port=2222 ansible_user=dev2
+#10.10.43.185 ansible_port=2222 ansible_user=dev2
+#10.10.43.186 ansible_port=2222 ansible_user=dev2
+#10.10.43.187 ansible_port=2222 ansible_user=dev2
+#10.10.43.188 ansible_port=2222 ansible_user=dev2
+#10.10.43.189 ansible_port=2222 ansible_user=dev2
+#10.10.43.190 ansible_port=2222 ansible_user=dev2
+#10.10.43.191 ansible_port=2222 ansible_user=dev2
+#10.10.43.192 ansible_port=2222 ansible_user=dev2
+#10.10.43.193 ansible_port=2222 ansible_user=dev2
+#10.10.43.194 ansible_port=2222 ansible_user=dev2
+#10.10.43.199 ansible_port=2222 ansible_user=dev2
+#10.10.43.195 ansible_port=2222 ansible_user=dev2
+#10.10.43.196 ansible_port=2222 ansible_user=dev2
+#10.10.43.197 ansible_port=2222 ansible_user=dev2
+#10.10.43.200 ansible_port=2222 ansible_user=dev2
+#10.10.43.201 ansible_port=2222 ansible_user=dev2
+#10.10.43.202 ansible_port=2222 ansible_user=dev2
+#10.10.43.203 ansible_port=2222 ansible_user=dev2
+#10.10.43.204 ansible_port=2222 ansible_user=dev2
+#10.10.43.205 ansible_port=2222 ansible_user=dev2
+#10.10.43.206 ansible_port=2222 ansible_user=dev2
+#10.10.43.207 ansible_port=2222 ansible_user=dev2
+#10.10.43.208 ansible_port=2222 ansible_user=dev2
+#10.10.43.210 ansible_port=2222 ansible_user=dev2
+#10.10.43.211 ansible_port=2222 ansible_user=dev2
+#10.10.43.212 ansible_port=2222 ansible_user=dev2
+#10.10.43.213 ansible_port=2222 ansible_user=dev2
+#10.10.43.214 ansible_port=2222 ansible_user=dev2
+#10.10.43.215 ansible_port=2222 ansible_user=dev2
+#10.10.43.216 ansible_port=2222 ansible_user=dev2
+#10.10.43.217 ansible_port=2222 ansible_user=dev2
+#10.10.43.218 ansible_port=2222 ansible_user=dev2
+#10.10.43.224 ansible_port=2222 ansible_user=dev2
+#10.10.43.225 ansible_port=2222 ansible_user=dev2
+#10.10.43.226 ansible_port=2222 ansible_user=dev2
+#10.10.43.227 ansible_port=2222 ansible_user=dev2
+#10.10.43.228 ansible_port=2222 ansible_user=dev2
+#10.10.43.235 ansible_port=2222 ansible_user=dev2
+#10.10.43.236 ansible_port=2222 ansible_user=dev2
 #10.10.43.252 ansible_port=2222 ansible_user=dev2

 [nas]
--- a/ansible/security_check/roles/security_check/files/rocky.sh
+++ b/ansible/security_check/roles/security_check/files/rocky.sh
@@ -1,6 +1,6 @@
 #!/bin/bash

-resultfile="Results_$(date '+%F_%H:%M:%S').txt"
+resultfile="/tmp/$(hostname).$(hostname -I | awk '{print $1}').txt"

 U_01() {
 	echo ""  >> $resultfile 2>&1
@@ -2116,31 +2116,31 @@ U_45() {
 	echo ""  >> $resultfile 2>&1
 	echo "▶ U-45(하) | 1. 계정관리 > 1.6 root 계정 su 제한 ◀"  >> $resultfile 2>&1
 	echo " 양호 판단 기준 : su 명령어를 특정 그룹에 속한 사용자만 사용하도록 제한되어 있는 경우" >> $resultfile 2>&1
-	echo " ### pam_rootok.so 모듈을 사용하지 않는 경우 U_45 함수 수정 필요" >> $resultfile 2>&1
-	echo " ### pam_rootok.so 모듈 사용과 함께 trust 문구를 추가한 경우 U_45 함수 수정 필요" >> $resultfile 2>&1
+	#echo " ### pam_rootok.so 모듈을 사용하지 않는 경우 U_45 함수 수정 필요" >> $resultfile 2>&1
+	#echo " ### pam_rootok.so 모듈 사용과 함께 trust 문구를 추가한 경우 U_45 함수 수정 필요" >> $resultfile 2>&1
 	rpm_libpam_count=`rpm -qa 2>/dev/null | grep '^libpam' | wc -l`
 	dnf_libpam_count=`dnf list installed 2>/dev/null | grep -i '^libpam' | wc -l`
 	if [ $rpm_libpam_count -gt 0 ] && [ $dnf_libpam_count -gt 0 ]; then
 		# !!! pam_rootok.so 설정을 하지 않은 경우 하단의 첫 번째 if 문을 삭제하세요.
 		etc_pamd_su_rootokso_count=`grep -vE '^#|^\s#' /etc/pam.d/su | grep 'pam_rootok.so' | wc -l`
-		if [ $etc_pamd_su_rootokso_count -gt 0 ]; then
-			# !!! pam_wheel.so 설정에 trust 문구를 추가한 경우 하단의 if 문 조건절에 'grep 'trust'를 추가하세요.
-			etc_pamd_su_wheelso_count=`grep -vE '^#|^\s#' /etc/pam.d/su | grep 'pam_wheel.so' | wc -l`
-			if [ $etc_pamd_su_wheelso_count -eq 0 ]; then
-				echo "※ U-45 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
-				echo " /etc/pam.d/su 파일에 pam_wheel.so 모듈이 없습니다." >> $resultfile 2>&1
-				return 0
-			fi
-		else
-			echo "※ U-45 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
-			echo " /etc/pam.d/su 파일에서 pam_rootok.so 모듈이 없습니다." >> $resultfile 2>&1
-			return 0
-		fi
+		#if [ $etc_pamd_su_rootokso_count -gt 0 ]; then
+		#	# !!! pam_wheel.so 설정에 trust 문구를 추가한 경우 하단의 if 문 조건절에 'grep 'trust'를 추가하세요.
+		#	etc_pamd_su_wheelso_count=`grep -vE '^#|^\s#' /etc/pam.d/su | grep 'pam_wheel.so' | wc -l`
+		#	if [ $etc_pamd_su_wheelso_count -eq 0 ]; then
+		#		echo "※ U-45 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
+		#		echo " /etc/pam.d/su 파일에 pam_wheel.so 모듈이 없습니다." >> $resultfile 2>&1
+		#		return 0
+		#	fi
+		#else
+		#	echo "※ U-45 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
+		#	echo " /etc/pam.d/su 파일에서 pam_rootok.so 모듈이 없습니다." >> $resultfile 2>&1
+		#	return 0
+		#fi
 	else
 		su_executables=("/bin/su" "/usr/bin/su")
-		if [ `which su 2>/dev/null | wc -l` -gt 0 ]; then
-			su_executables[${#su_executables[@]}]=`which su 2>/dev/null`
-		fi
+		#if [ `which su 2>/dev/null | wc -l` -gt 0 ]; then
+		#	su_executables[${#su_executables[@]}]=`which su 2>/dev/null`
+		#fi
 		for ((i=0; i<${#su_executables[@]}; i++))
 		do
 			if [ -f ${su_executables[$i]} ]; then
@@ -3683,78 +3683,82 @@ echo "#                         Copyright (c) 2023 Kim Jei
 echo "#                                                                            #" >> $resultfile 2>&1
 echo "##############################################################################" >> $resultfile 2>&1

-U_01
-U_02
-U_03
-U_04
-U_05
-U_06
-U_07
-U_08
-U_09
-U_10
-U_11
-U_12
-U_13
-U_14
-U_15
-U_16
-U_17
-U_18
-U_19
-U_20
-U_21
-U_22
-U_23
-U_24
-U_25
-U_26
-U_27
-U_28
-U_29
-U_30
-U_31
-U_32
-U_33
-U_34
-U_35
-U_36
-U_37
-U_38
-U_39
-U_40
-U_41
-U_42
-U_43
-U_44
-U_45
-U_46
-U_47
-U_48
-U_49
-U_50
-U_51
-U_52
-U_53
-U_54
-U_55
-U_56
-U_57
-U_58
-U_59
-U_60
-U_61
-U_62
-U_63
-U_64
-U_65
-U_66
-U_67
-U_68
-U_69
-U_70
-U_71
-U_72
+U_01 # root 계정 원격 접속 제한
+#U_02 # 랜덤 패스워드를 사용중이라 제외
+U_03 # 계정 잠금 임계값 설정
+U_04 # 패스워드 파일 보호
+U_05 # root 홈, 패스 디렉터리 권한 및 패스 설정
+U_06 # 파일 및 디렉터리 소유자 설정
+U_07 # /etc/passwd 파일 소유자 및 권한 설정
+U_08 # /etc/shadow 파일 소유자 및 권한 설정
+U_09 # /etc/hosts 파일 소유자 및 권한 설정
+U_10 # /etc/(x)inetd.conf 파일 소유자 및 권한 설정
+U_11 # /etc/syslog.conf 파일 소유자 및 권한 설정
+U_12 # /etc/services 파일 소유자 및 권한 설정
+#U_13 # kubernetes 사용에 의한 어쩔 수 없음 제외
+U_14 # 사용자, 시스템 시작파일 및 환경파일 소유자 및 권한 설정
+#U_15 # kubernetes 사용에 의한 어쩔 수 없음 제외
+U_16 # /dev에 존재하지 않는 device 파일 점검
+U_17 # $HOME/.rhosts, hosts.equiv 사용 금지
+#U_18 # /etc/ssh/sshd_config.d/cat allow_users.conf 에서 별도로 관리하기 때문에 제외
+#U_19 # Finger 서비스를 사용하지 않아 제외
+#U_20 # FTP 서비스를 사용하지 않아 제외 (익명 ftp 차단 되어 있음)
+U_21 # r 계열 서비스 비활성화 
+U_22 # cron 파일 소유자 및 권한설정 
+U_23 # Dos 공격에 취약한 서비스 비활성화
+#U_24 # NFS 서비스를 사용하지 않아 제외
+#U_25 # NFS 서비스를 사용하지 않아 제외
+U_26 # automountd 제거
+#U_27 # RPC 서비스를 사용하지 않아 제외
+#U_28 # NIS 서비스를 사용하지 않아 제외
+#U_29 # tftp, talk, ntalk 서비스를 사용하지 않아 제외
+#U_30 # SMTP 서비스를 사용하지 않아 제외 (sendmail 버전은 최신)
+#U_31 # SMTP 서비스를 사용하지 않아 제외
+#U_32 # SMTP 서비스를 사용하지 않아 제외
+#U_33 # DNS 서비스를 사용하지 않아 제외
+#U_34 # DNS 서비스를 사용하지 않아 제외
+#U_35 # 웹 서비스를 사용하지 않아 제외 
+#U_36 # 웹 서비스를 사용하지 않아 제외 
+#U_37 # 웹 서비스를 사용하지 않아 제외 
+#U_38 # 웹 서비스를 사용하지 않아 제외 
+#U_39 # 웹 서비스를 사용하지 않아 제외 
+#U_40 # 웹 서비스를 사용하지 않아 제외
+#U_41 # 웹 서비스를 사용하지 않아 제외
+#U_42 # 수동 점검이 필요한 항목이라 제외
+#U_43 # 수동 점검이 필요한 항목이라 제외
+#U_44 # UID가 0은 root 뿐 임으로 제외
+#U_45 # sudo 같은 경우 root와 dev2 그룹만 할당되어 있기 때문에 제외
+#U_46 # 랜덤한 패스워드를 사용중이기 때문에 제외
+#U_47 # 적용되어 있기 때문에 제외
+#U_48 # 적용되어 있기 때문에 제외
+#U_49 # dev2 , dev2-iac를 제외 모두 os 기본 계정인데 삭제하기 애매하기 때문에 제외
+#U_50 # 관리자 그룹에는 "root" 계정만 있기 때문에 제외
+#U_51 # dev2 를 제외 생성한 그룹이 존재하지 않아 제외
+#U_52 # 기본적으로 동일한 UID로 계정이 생성되지 않고, 현재 존재하지 않아서 제외
+#U_53 # SSH Port 변경이 되어 있어서 제외
+#U_54 # 타임 아웃 설정이 되어 있어 제외
+#U_55 # hosts.lpd 파일을 사용하지 않음
+#U_56 # UMASK의 값은 022 에서 변경하지 않음
+
+#############################################
+#U_57 #OS 기본 설정이 "/usr/sbin/ 의 소유자는 root#
+#############################################
+
+#U_58 # "/" 가 홈디렉토리인 계정을 찾을 수 없음
+#U_59 # 숨김 파일은 있을 수 밖에 없어 제외
+#U_60 # FTP 서비스를 사용하지 않아 제외
+#U_61 # FTP 서비스를 사용하지 않아 제외 
+#U_62 # FTP 서비스를 사용하지 않아 제외
+#U_63 # FTP 서비스를 사용하지 않아 제외
+#U_64 # FTP 서비스를 사용하지 않아 제외
+U_65 # at 파일 소유자 및 권한 설정 
+#U_66 # SMTP 서비스를 사용하지 않아 제외
+#U_67 # SMTP 서비스를 사용하지 않아 제외
+#U_68 # 메시지 추가 예정이기 때문에 제외
+#U_69 # NFS 서비스를 사용하지 않아 제외
+#U_70 # SMTP 서비스를 사용하지 않아 제외
+#U_71 # 아파치 서비스를 사용하지 않아 제외
+#U_72 # 수동 점검이 필요한 항목이라 제외

 echo ""  >> $resultfile 2>&1
 echo "================================ 진단 결과 요약 ================================" >> $resultfile 2>&1
--- a/ansible/security_check/roles/security_check/tasks/create_readme.yml
+++ b/ansible/security_check/roles/security_check/tasks/create_readme.yml
@@ -5,7 +5,6 @@
  args:
    chdir: /volume1/platform/05_Security_check/
  register: check_status
-  when: "'nas' in group_names"

 - name: check status [2]
  shell: |
@@ -13,22 +12,18 @@
  args:
    chdir: /volume1/platform/05_Security_check/
  register: check_ok
-  when: "'nas' in group_names"

 - debug:
    msg: "취약점 {{ check_status.stdout_lines }} 발견"
-  when: "'nas' in group_names"

 - debug:
    msg: "취약점 {{ check_ok.stdout_lines }} 양호"
-  when: "'nas' in group_names"

 - name: Create README.md
  template:
    src: README.md.j2
    dest: "{{ playbook_dir }}/README.md"
  delegate_to: 127.0.0.1
-  when: "'nas' in group_names"

 - name: git push
  shell: |
@@ -36,9 +31,9 @@
    ls -al
    git config --global user.email "sa_8001@ex-em.com"
    git config --global user.name "ByeonJungHun"
-    git clone https://{{ git_user }}:{{ git_key }}github.com/CloudMOA/dsk-iac.git ~/security_check
+    git clone https://{{ git_user }}:{{ git_key }}github.com/CloudMOA/dsk-iac.git ~/dsk-iac
    cp ./README.md ~/dsk-iac/ansible/security_check/README.md
-    cd ~/security_check
+    cd ~/dsk-iac
    cat README.md
    pwd
    ls -al
@@ -46,8 +41,6 @@
    git commit -m "검사 결과 업데이트"
    git push
  delegate_to: 127.0.0.1
-  when: "'nas' in group_names"

 - debug:
    msg: "결과 확인 : https://github.com/CloudMOA/dsk-iac/tree/main/ansible/security_check"
-  when: "'nas' in group_names"
--- a/ansible/security_check/roles/security_check/tasks/main.yml
+++ b/ansible/security_check/roles/security_check/tasks/main.yml
@@ -2,3 +2,4 @@
 - include: start.yml

 - include: create_readme.yml
+  when: "'nas' in group_names"
--- a/ansible/security_check/roles/security_check/tasks/start.yml
+++ b/ansible/security_check/roles/security_check/tasks/start.yml
@@ -15,7 +15,13 @@
  copy:
    src: "{{ role_path }}/files/ubuntu.sh"
    dest: /tmp/ubuntu.sh
-  when: ansible_distribution == 'Ubuntu'
+  when: ansible_facts['os_family'] == 'Debian'
+
+- name: Copy Security Check Script
+  copy:
+    src: "{{ role_path }}/files/rocky.sh"
+    dest: /tmp/rocky.sh
+  when: ansible_facts['os_family'] == 'RedHat'

 - name: Start Security Check Script (become -> true)
  shell: |
@@ -23,21 +29,29 @@
    bash /tmp/ubuntu.sh
    rm -rf /tmp/ubuntu.sh
  become: true
-  when: ansible_distribution == 'Ubuntu'
+  when: ansible_facts['os_family'] == 'Debian'
+
+- name: Start Security Check Script (become -> true)
+  shell: |
+    chdir
+    bash /tmp/rocky.sh
+    rm -rf /tmp/rocky.sh
+  become: true
+  when: ansible_facts['os_family'] == 'RedHat'

 - name: Copy Result File to Local
  fetch:
    src: "/tmp/{{ ansible_hostname }}.{{ ansible_host }}.txt"
    dest: "~/checklist/"
    flat: yes
-  when: ansible_distribution == 'Ubuntu'
+  when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'RedHat'

 - name: Delete Result File (become -> true)
  file:
    path: "/tmp/{{ ansible_hostname }}.txt"
    state: absent
  become: true
-  when: ansible_distribution == 'Ubuntu'
+  when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'RedHat'

 - name: Find Copy File Name
  shell: ls -l ~/checklist/ | awk 'NR>1 {print $9}'
--- a/ansible/security_check/server_check.yml
+++ b/ansible/security_check/server_check.yml
@@ -2,5 +2,8 @@
 - hosts: all
  become: false
  gather_facts: true
+  vars:
+    git_user: sa_8001
+    git_key: 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
  roles:
    - role: security_check