diff --git a/ansible/infra_setting/infra-settings.yml b/ansible/infra_setting/infra-settings.yml
index 4902c49..92fa6d1 100644
--- a/ansible/infra_setting/infra-settings.yml
+++ b/ansible/infra_setting/infra-settings.yml
@@ -16,4 +16,12 @@
 # custom_labels: 'user=havelight,company=exem'
 #update: True
 # install: True
+ iptables_rules:
+ - { source: "10.10.45.0/24", target: "DROP" }
+ - { source: "10.10.47.0/24", target: "DROP" }
+ - { source: "10.10.48.0/24", target: "DROP" }
+ - { source: "10.10.50.0/24", target: "DROP" }
+ - { source: "10.10.37.0/24", target: "DROP" }
+ delete_rule: False
+ add_rule: True
diff --git a/ansible/infra_setting/passwd_inventory b/ansible/infra_setting/passwd_inventory
index 33a2461..81972bd 100644
--- a/ansible/infra_setting/passwd_inventory
+++ b/ansible/infra_setting/passwd_inventory
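Review bot: `delete_rule: False` and `add_rule: True` are YAML 1.1 capitalised booleans, and the tasks in this same commit compare them with `add_rule == True`, which breaks as soon as the flag is overridden from the command line (`-e add_rule=true` arrives as the string "true"); write `delete_rule: false` / `add_rule: true` and have consumers test `add_rule | bool`. The five `DROP` entries are a source-address blocklist with no chain, interface or protocol, so whether they bite depends entirely on where the consuming iptables task inserts them relative to any existing ACCEPT rules — that task is not in this diff, so confirm it inserts at the top of the chain rather than appending. A comment above the list would pin the intent for the next reader, e.g. `# Subnets to DROP on the input chain; must be inserted ahead of any broad ACCEPT — confirm against the iptables task`. The enclosing mapping begins above the hunk.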
@@ -73,4 +73,32 @@
 10.10.43.193 ansible_port=2222 ansible_user=dev2
 10.10.43.194 ansible_port=2222 ansible_user=dev2
 10.10.43.199 ansible_port=2222 ansible_user=dev2
-
+10.10.43.195 ansible_port=2222 ansible_user=dev2
+10.10.43.196 ansible_port=2222 ansible_user=dev2
+10.10.43.197 ansible_port=2222 ansible_user=dev2
+10.10.43.200 ansible_port=2222 ansible_user=dev2
+10.10.43.201 ansible_port=2222 ansible_user=dev2
+10.10.43.202 ansible_port=2222 ansible_user=dev2
+10.10.43.203 ansible_port=2222 ansible_user=dev2
+10.10.43.204 ansible_port=2222 ansible_user=dev2
+10.10.43.205 ansible_port=2222 ansible_user=dev2
+10.10.43.206 ansible_port=2222 ansible_user=dev2
+10.10.43.207 ansible_port=2222 ansible_user=dev2
+10.10.43.208 ansible_port=2222 ansible_user=dev2
+10.10.43.210 ansible_port=2222 ansible_user=dev2
+10.10.43.211 ansible_port=2222 ansible_user=dev2
+10.10.43.212 ansible_port=2222 ansible_user=dev2
+10.10.43.213 ansible_port=2222 ansible_user=dev2
+10.10.43.214 ansible_port=2222 ansible_user=dev2
+10.10.43.215 ansible_port=2222 ansible_user=dev2
+10.10.43.216 ansible_port=2222 ansible_user=dev2
+10.10.43.217 ansible_port=2222 ansible_user=dev2
+10.10.43.218 ansible_port=2222 ansible_user=dev2
+10.10.43.224 ansible_port=2222 ansible_user=dev2
+10.10.43.225 ansible_port=2222 ansible_user=dev2
+10.10.43.226 ansible_port=2222 ansible_user=dev2
+10.10.43.227 ansible_port=2222 ansible_user=dev2
+10.10.43.228 ansible_port=2222 ansible_user=dev2
+10.10.43.235 ansible_port=2222 ansible_user=dev2
+10.10.43.236 ansible_port=2222 ansible_user=dev2
+10.10.43.252 ansible_port=2222 ansible_user=dev2
\ No newline at end of file
diff --git a/ansible/infra_setting/roles/connect-settings/tasks/00_host_setting.yml b/ansible/infra_setting/roles/connect-settings/tasks/00_host_setting.yml
index 0e08eb8..1ad6b9c 100644
--- a/ansible/infra_setting/roles/connect-settings/tasks/00_host_setting.yml
+++ b/ansible/infra_setting/roles/connect-settings/tasks/00_host_setting.yml
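Review bot: The file is named `passwd_inventory`, which suggests it drives password-based SSH, yet the same commit deploys authorized keys and tightens `AllowUsers`; confirm that no `ansible_password` / `ansible_become_pass` lives in this inventory or its group_vars in clear text (none is visible in the hunk) and that this inventory is only used for the key-bootstrap run, with password authentication disabled on the hosts afterwards. The 29 new hosts repeat `ansible_port=2222 ansible_user=dev2` per line; a `[dev2_hosts:vars]` section carrying those two settings would make a port or user change a one-line edit instead of 60 — the list has gaps, so a `[195:252]` range pattern cannot replace it. The group header these hosts belong to is above the hunk.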
@@ -1,17 +1,4 @@
 ---
-- name: "host setting"
- hosts: all
- become: yes
- vars:
- iptables_rules:
- - { source: "10.10.45.0/24", target: "DROP" }
- - { source: "10.10.47.0/24", target: "DROP" }
- - { source: "10.10.48.0/24", target: "DROP" }
- - { source: "10.10.50.0/24", target: "DROP" }
- - { source: "10.10.37.0/24", target: "DROP" }
- delete_rule: False
- add_rule: True
-
 - name: "Create dev2 group"
 ansible.builtin.group:
 name: "dev2"
@@ -49,6 +36,7 @@
 with_items:
 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRP/Kjn7UBudTO4ZLtWXRJNDcOPGbm+5jLKax+1tVgN2n0MCmwwrbFJQJvdaE/wp4+PnMtEyt+IqdwFdUDah8tu9CIYZ2Jk2T18oU7hYGvymh+QJmZgCNvYcmM9ATJbXpns7y8VLDVbkSq9EJIB+emLt1ZV/C8cyvhlmBUwGQA6c3zMgzWl9MT0HLa7H88cNVVknZPY0vGIw+H0Y2JtDr62xyVNT7w8B+jh7Yu6nCnQchwx3IRWGATuKfi2FB3rhkDqNvM1h00JJosu5ooBn3g5xll+w+sVKIQxEWShI9zatYP9/zrce+uVYeZLfz52X8giJ9dns66vqEKdJtdp4By5RPxRSsdQ2QGAQ0UuBHKgweU2EzivLynu49oiShAiJPxmru4TiGtchl52dvw/E9rjZiCKTq697azHHLbwTiOgbHpnu7GrxNRMdXCON70RYJpfERg/SGxxmUNF9OhYUeQJGNc8DcWnlBUrT/9Wi3Ryh1rKx2wtZt6eDkrehJ1lgU="
 - "ssh-rsa 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"
+ - "ssh-rsa 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"
 when:
 - add_rule == True
@@ -59,6 +47,7 @@
 with_items:
 - "ssh-rsa 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"
 - "ssh-rsa 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"
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKDxtkcfx2ITlT2Yh7ZCT79do/25YQ2vROz38m8veAuBhOw+75oZJ4nN//zOWaaMvpC3Z7NIzOR+3UeukhnLZ591q8AaHcKjV8JEJMo2pvpH1vdLcTL9baLqWrxzgRimnZUNf5n5HNr+AKoXuPp//aVSJSoeznb66r04/rJSetT0QGDC8Kj5Q+MNvdd0/3U/nu7JxW9LIEaLoeiX6mVb4PpV7kl3rI3Vut/GnWakOhbS4yNvIFdR6d8rv305/BXJOz/aWy+0j7qK+NBzbSsI/l0vVUHfeD3whYGePCpWmj73ZsMTMjIjrC8DpRQlOJlAZ0GVpQnd/ayIWi4+V8VjvFcd6vSqrhhsNoOyo0Y/6cyO6iyvKqohMK6+HF1w6aXoaGCFFSl/3gw63saNAsdZPArnwf5yZ6GfPa/9bRn2k9g5xfp97Itpo6Iqq+PuRcZOes0EiIQe2hOoYQEIHIRhf8CZ+Xf6W1+XZB+WxEzUe4GCCwgUdTB6RIr4ThDxwCBV0="
 when:
 - add_rule == True
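Review bot: Removing the play header also removes `become: yes`, so the group/user/sshd tasks that follow in this role now run unprivileged unless the play that includes `connect-settings` sets `become` itself — that play is outside this diff, so confirm it does before this lands. The removal is otherwise the right fix (a play header does not belong in a role's tasks file) and moving the iptables vars to infra-settings.yml matches the other hunk in this commit. A one-line header would save the next reader a search for where the flags now come from: `# Expects iptables_rules, add_rule and delete_rule from infra_setting/infra-settings.yml`. The task list starting at `- name: "Create dev2 group"` continues past the hunk.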
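Review bot: The key appended to this `with_items` list is gated on `add_rule == True`, and per infra-settings.yml in this same commit `add_rule` is the iptables add flag, so toggling the firewall rules silently also toggles key provisioning; give key deployment its own switch, e.g. `when: manage_dev2_keys | bool`. The task header is above the hunk, but the ssh-rsa strings indicate an authorized-key loop, and none of the visible keys carries a trailing comment field, so the owner of each key cannot be identified from the file and revoking one means guessing. Move the keys into a `dev2_authorized_keys` list in infra-settings.yml, each with its owner appended (`ssh-rsa AAAA… alice@laptop`), so that onboarding and offboarding are a vars change rather than a role edit.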
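Review bot: This second key list is maintained separately from the one in the previous hunk and the new key again has no identifying comment, so the two lists can drift without anyone noticing; if both tasks target the same account, collapse them into one loop over a shared variable, and if they target different accounts say which in the task name. Style: `with_items` is the legacy loop form and `add_rule == True` is a Python-style comparison — prefer `loop:` and `when: add_rule | bool`, which also tolerates the flag being passed as a string from `-e`. The task header is above the hunk.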
diff --git a/ansible/infra_setting/roles/connect-settings/templates/allow_users.j2 b/ansible/infra_setting/roles/connect-settings/templates/allow_users.j2
index 67c88da..baef49d 100755
--- a/ansible/infra_setting/roles/connect-settings/templates/allow_users.j2
+++ b/ansible/infra_setting/roles/connect-settings/templates/allow_users.j2
@@ -1,3 +1,4 @@
+AllowUsers dev2@10.10.43.*
 AllowUsers dev2-iac@10.10.43.*
 AllowUsers *@10.20.142.*
 {% if ansible_distribution == "Ubuntu" %}
diff --git a/ansible/security_check/roles/security_check/tasks/create_readme.yml b/ansible/security_check/roles/security_check/tasks/create_readme.yml
index 7a92a00..b3968de 100644
--- a/ansible/security_check/roles/security_check/tasks/create_readme.yml
+++ b/ansible/security_check/roles/security_check/tasks/create_readme.yml
@@ -36,8 +36,8 @@
 ls -al
 git config --global user.email "sa_8001@ex-em.com"
 git config --global user.name "ByeonJungHun"
- git clone https://{{ git_user }}:{{ git_key }}@github.com/CloudMOA/security_check.git ~/security_check
- cp ./README.md ~/security_check/README.md
+ git clone https://{{ git_user }}:{{ git_key }}github.com/CloudMOA/dsk-iac.git ~/security_check
+ cp ./README.md ~/dsk-iac/ansible/security_check/README.md
 cd ~/security_check
 cat README.md
 pwd
@@ -49,5 +49,5 @@
 when: "'nas' in group_names"
 - debug:
- msg: "결과 확인 : https://github.com/CloudMOA/security_check.git"
+ msg: "결과 확인 : https://github.com/CloudMOA/dsk-iac/tree/main/ansible/security_check"
 when: "'nas' in group_names"
\ No newline at end of file
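Review bot: `AllowUsers dev2@10.10.43.*` admits dev2 from the entire 10.10.43.0/24, and the inventory in this same commit shows the managed hosts themselves sit in that subnet (10.10.43.193–252), so every managed node can now SSH to every other node as dev2 with the shared authorized keys — one compromised host gives an attacker the whole fleet. Restrict the source to the Ansible control node(s) instead, e.g. `AllowUsers dev2@<controller-ip>` (the controller address is not visible in this diff), and revisit the pre-existing `dev2-iac@10.10.43.*` line for the same reason. Multiple `AllowUsers` lines accumulate in sshd, so the added line widens rather than replaces the existing allow-list; a comment stating which hosts are meant to originate dev2 logins would make that intent reviewable.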
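Review bot: The new `git clone` URL drops the `@` before `github.com` (`{{ git_key }}github.com`), so the credential is glued onto the host name and the clone fails, and the following `cp` targets `~/dsk-iac/ansible/security_check/README.md` although the clone lands in `~/security_check`, so that directory never exists. Restore `git clone https://{{ git_user }}:{{ git_key }}@github.com/CloudMOA/dsk-iac.git ~/security_check` and write to `cp ./README.md ~/security_check/ansible/security_check/README.md`, which matches the repo layout this diff itself shows. Putting `{{ git_key }}` in the URL also persists the token in `~/security_check/.git/config` on the target host and echoes it in the task output; at minimum set `no_log: true` on the task and scrub it after the clone with `git -C ~/security_check remote set-url origin https://github.com/CloudMOA/dsk-iac.git`, or better hand the token to git through `GIT_ASKPASS` rather than the URL. The shell block begins and ends outside the hunk.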