test

2024-01-09 15:34:55 +09:00
parent f421543abd
commit cd5d73ef90
3 changed files with 171 additions and 165 deletions
--- a/ansible/security_check/checklist
+++ b/ansible/security_check/checklist
@@ -3,109 +3,115 @@ server
 nas

 [server]
-10.10.43.100 ansible_port=2222 ansible_user=dev2 
-10.10.43.101 ansible_port=2222 ansible_user=dev2
-10.10.43.105 ansible_port=2222 ansible_user=dev2
-10.10.43.106 ansible_port=2222 ansible_user=dev2
-10.10.43.111 ansible_port=2222 ansible_user=dev2
-10.10.43.112 ansible_port=2222 ansible_user=dev2
-10.10.43.113 ansible_port=2222 ansible_user=dev2
-10.10.43.114 ansible_port=2222 ansible_user=dev2
-10.10.43.115 ansible_port=2222 ansible_user=dev2
-10.10.43.116 ansible_port=2222 ansible_user=dev2
-10.10.43.117 ansible_port=2222 ansible_user=dev2
-10.10.43.118 ansible_port=2222 ansible_user=dev2
-10.10.43.119 ansible_port=2222 ansible_user=dev2
-10.10.43.120 ansible_port=2222 ansible_user=dev2
-10.10.43.121 ansible_port=2222 ansible_user=dev2
-10.10.43.122 ansible_port=2222 ansible_user=dev2
-10.10.43.123 ansible_port=2222 ansible_user=dev2
-10.10.43.124 ansible_port=2222 ansible_user=dev2
-10.10.43.125 ansible_port=2222 ansible_user=dev2
-10.10.43.126 ansible_port=2222 ansible_user=dev2
-10.10.43.127 ansible_port=2222 ansible_user=dev2
-10.10.43.128 ansible_port=2222 ansible_user=dev2
-10.10.43.129 ansible_port=2222 ansible_user=dev2
-10.10.43.130 ansible_port=2222 ansible_user=dev2
-10.10.43.131 ansible_port=2222 ansible_user=dev2
-10.10.43.132 ansible_port=2222 ansible_user=dev2
-10.10.43.133 ansible_port=2222 ansible_user=dev2
-10.10.43.134 ansible_port=2222 ansible_user=dev2
-10.10.43.135 ansible_port=2222 ansible_user=dev2
-10.10.43.136 ansible_port=2222 ansible_user=dev2
-10.10.43.137 ansible_port=2222 ansible_user=dev2
-10.10.43.138 ansible_port=2222 ansible_user=dev2
-10.10.43.139 ansible_port=2222 ansible_user=dev2
-10.10.43.140 ansible_port=2222 ansible_user=dev2
-10.10.43.141 ansible_port=2222 ansible_user=dev2
-10.10.43.142 ansible_port=2222 ansible_user=dev2
-10.10.43.143 ansible_port=2222 ansible_user=dev2
-10.10.43.144 ansible_port=2222 ansible_user=dev2
-10.10.43.145 ansible_port=2222 ansible_user=dev2
-10.10.43.146 ansible_port=2222 ansible_user=dev2
-10.10.43.147 ansible_port=2222 ansible_user=dev2
-10.10.43.148 ansible_port=2222 ansible_user=dev2
-10.10.43.151 ansible_port=2222 ansible_user=dev2
-10.10.43.152 ansible_port=2222 ansible_user=dev2
-10.10.43.153 ansible_port=2222 ansible_user=dev2
-10.10.43.164 ansible_port=2222 ansible_user=dev2
-10.10.43.165 ansible_port=2222 ansible_user=dev2
-10.10.43.166 ansible_port=2222 ansible_user=dev2
-10.10.43.167 ansible_port=2222 ansible_user=dev2
-10.10.43.168 ansible_port=2222 ansible_user=dev2
-10.10.43.169 ansible_port=2222 ansible_user=dev2
-10.10.43.171 ansible_port=2222 ansible_user=dev2
-10.10.43.172 ansible_port=2222 ansible_user=dev2
-10.10.43.173 ansible_port=2222 ansible_user=dev2
-10.10.43.174 ansible_port=2222 ansible_user=dev2
-10.10.43.175 ansible_port=2222 ansible_user=dev2
-10.10.43.176 ansible_port=2222 ansible_user=dev2
-10.10.43.177 ansible_port=2222 ansible_user=dev2
-10.10.43.178 ansible_port=2222 ansible_user=dev2
-10.10.43.179 ansible_port=2222 ansible_user=dev2
-10.10.43.180 ansible_port=2222 ansible_user=dev2
-10.10.43.181 ansible_port=2222 ansible_user=dev2
-10.10.43.182 ansible_port=2222 ansible_user=dev2
-10.10.43.185 ansible_port=2222 ansible_user=dev2
-10.10.43.186 ansible_port=2222 ansible_user=dev2
-10.10.43.187 ansible_port=2222 ansible_user=dev2
-10.10.43.188 ansible_port=2222 ansible_user=dev2
-10.10.43.189 ansible_port=2222 ansible_user=dev2
-10.10.43.190 ansible_port=2222 ansible_user=dev2
-10.10.43.191 ansible_port=2222 ansible_user=dev2
-10.10.43.192 ansible_port=2222 ansible_user=dev2
-10.10.43.193 ansible_port=2222 ansible_user=dev2
-10.10.43.194 ansible_port=2222 ansible_user=dev2
-10.10.43.199 ansible_port=2222 ansible_user=dev2
-10.10.43.195 ansible_port=2222 ansible_user=dev2
-10.10.43.196 ansible_port=2222 ansible_user=dev2
-10.10.43.197 ansible_port=2222 ansible_user=dev2
-10.10.43.200 ansible_port=2222 ansible_user=dev2
-10.10.43.201 ansible_port=2222 ansible_user=dev2
-10.10.43.202 ansible_port=2222 ansible_user=dev2
-10.10.43.203 ansible_port=2222 ansible_user=dev2
-10.10.43.204 ansible_port=2222 ansible_user=dev2
-10.10.43.205 ansible_port=2222 ansible_user=dev2
-10.10.43.206 ansible_port=2222 ansible_user=dev2
-10.10.43.207 ansible_port=2222 ansible_user=dev2
-10.10.43.208 ansible_port=2222 ansible_user=dev2
-10.10.43.210 ansible_port=2222 ansible_user=dev2
-10.10.43.211 ansible_port=2222 ansible_user=dev2
-10.10.43.212 ansible_port=2222 ansible_user=dev2
-10.10.43.213 ansible_port=2222 ansible_user=dev2
-10.10.43.214 ansible_port=2222 ansible_user=dev2
-10.10.43.215 ansible_port=2222 ansible_user=dev2
-10.10.43.216 ansible_port=2222 ansible_user=dev2
-10.10.43.217 ansible_port=2222 ansible_user=dev2
-10.10.43.218 ansible_port=2222 ansible_user=dev2
-10.10.43.224 ansible_port=2222 ansible_user=dev2
-10.10.43.225 ansible_port=2222 ansible_user=dev2
-10.10.43.226 ansible_port=2222 ansible_user=dev2
-10.10.43.227 ansible_port=2222 ansible_user=dev2
-10.10.43.228 ansible_port=2222 ansible_user=dev2
-10.10.43.235 ansible_port=2222 ansible_user=dev2
-10.10.43.236 ansible_port=2222 ansible_user=dev2
-10.10.43.252 ansible_port=2222 ansible_user=dev2
+10.10.43.97 ansible_port=2222 ansible_user=dev2
+10.10.43.240 ansible_port=2222 ansible_user=dev2-iac 
+10.10.43.241 ansible_port=2222 ansible_user=dev2-iac 
+10.10.43.242 ansible_port=2222 ansible_user=dev2-iac 
+10.10.43.243 ansible_port=2222 ansible_user=dev2-iac 
+
+; 10.10.43.100 ansible_port=2222 ansible_user=dev2 
+; 10.10.43.101 ansible_port=2222 ansible_user=dev2
+; 10.10.43.105 ansible_port=2222 ansible_user=dev2
+; 10.10.43.106 ansible_port=2222 ansible_user=dev2
+; 10.10.43.111 ansible_port=2222 ansible_user=dev2
+; 10.10.43.112 ansible_port=2222 ansible_user=dev2
+; 10.10.43.113 ansible_port=2222 ansible_user=dev2
+; 10.10.43.114 ansible_port=2222 ansible_user=dev2
+; 10.10.43.115 ansible_port=2222 ansible_user=dev2
+; 10.10.43.116 ansible_port=2222 ansible_user=dev2
+; 10.10.43.117 ansible_port=2222 ansible_user=dev2
+; 10.10.43.118 ansible_port=2222 ansible_user=dev2
+; 10.10.43.119 ansible_port=2222 ansible_user=dev2
+; 10.10.43.120 ansible_port=2222 ansible_user=dev2
+; 10.10.43.121 ansible_port=2222 ansible_user=dev2
+; 10.10.43.122 ansible_port=2222 ansible_user=dev2
+; 10.10.43.123 ansible_port=2222 ansible_user=dev2
+; 10.10.43.124 ansible_port=2222 ansible_user=dev2
+; 10.10.43.125 ansible_port=2222 ansible_user=dev2
+; 10.10.43.126 ansible_port=2222 ansible_user=dev2
+; 10.10.43.127 ansible_port=2222 ansible_user=dev2
+; 10.10.43.128 ansible_port=2222 ansible_user=dev2
+; 10.10.43.129 ansible_port=2222 ansible_user=dev2
+; 10.10.43.130 ansible_port=2222 ansible_user=dev2
+; 10.10.43.131 ansible_port=2222 ansible_user=dev2
+; 10.10.43.132 ansible_port=2222 ansible_user=dev2
+; 10.10.43.133 ansible_port=2222 ansible_user=dev2
+; 10.10.43.134 ansible_port=2222 ansible_user=dev2
+; 10.10.43.135 ansible_port=2222 ansible_user=dev2
+; 10.10.43.136 ansible_port=2222 ansible_user=dev2
+; 10.10.43.137 ansible_port=2222 ansible_user=dev2
+; 10.10.43.138 ansible_port=2222 ansible_user=dev2
+; 10.10.43.139 ansible_port=2222 ansible_user=dev2
+; 10.10.43.140 ansible_port=2222 ansible_user=dev2
+; 10.10.43.141 ansible_port=2222 ansible_user=dev2
+; 10.10.43.142 ansible_port=2222 ansible_user=dev2
+; 10.10.43.143 ansible_port=2222 ansible_user=dev2
+; 10.10.43.144 ansible_port=2222 ansible_user=dev2
+; 10.10.43.145 ansible_port=2222 ansible_user=dev2
+; 10.10.43.146 ansible_port=2222 ansible_user=dev2
+; 10.10.43.147 ansible_port=2222 ansible_user=dev2
+; 10.10.43.148 ansible_port=2222 ansible_user=dev2
+; 10.10.43.151 ansible_port=2222 ansible_user=dev2
+; 10.10.43.152 ansible_port=2222 ansible_user=dev2
+; 10.10.43.153 ansible_port=2222 ansible_user=dev2
+; 10.10.43.164 ansible_port=2222 ansible_user=dev2
+; 10.10.43.165 ansible_port=2222 ansible_user=dev2
+; 10.10.43.166 ansible_port=2222 ansible_user=dev2
+; 10.10.43.167 ansible_port=2222 ansible_user=dev2
+; 10.10.43.168 ansible_port=2222 ansible_user=dev2
+; 10.10.43.169 ansible_port=2222 ansible_user=dev2
+; 10.10.43.171 ansible_port=2222 ansible_user=dev2
+; 10.10.43.172 ansible_port=2222 ansible_user=dev2
+; 10.10.43.173 ansible_port=2222 ansible_user=dev2
+; 10.10.43.174 ansible_port=2222 ansible_user=dev2
+; 10.10.43.175 ansible_port=2222 ansible_user=dev2
+; 10.10.43.176 ansible_port=2222 ansible_user=dev2
+; 10.10.43.177 ansible_port=2222 ansible_user=dev2
+; 10.10.43.178 ansible_port=2222 ansible_user=dev2
+; 10.10.43.179 ansible_port=2222 ansible_user=dev2
+; 10.10.43.180 ansible_port=2222 ansible_user=dev2
+; 10.10.43.181 ansible_port=2222 ansible_user=dev2
+; 10.10.43.182 ansible_port=2222 ansible_user=dev2
+; 10.10.43.185 ansible_port=2222 ansible_user=dev2
+; 10.10.43.186 ansible_port=2222 ansible_user=dev2
+; 10.10.43.187 ansible_port=2222 ansible_user=dev2
+; 10.10.43.188 ansible_port=2222 ansible_user=dev2
+; 10.10.43.189 ansible_port=2222 ansible_user=dev2
+; 10.10.43.190 ansible_port=2222 ansible_user=dev2
+; 10.10.43.191 ansible_port=2222 ansible_user=dev2
+; 10.10.43.192 ansible_port=2222 ansible_user=dev2
+; 10.10.43.193 ansible_port=2222 ansible_user=dev2
+; 10.10.43.194 ansible_port=2222 ansible_user=dev2
+; 10.10.43.199 ansible_port=2222 ansible_user=dev2
+; 10.10.43.195 ansible_port=2222 ansible_user=dev2
+; 10.10.43.196 ansible_port=2222 ansible_user=dev2
+; 10.10.43.197 ansible_port=2222 ansible_user=dev2
+; 10.10.43.200 ansible_port=2222 ansible_user=dev2
+; 10.10.43.201 ansible_port=2222 ansible_user=dev2
+; 10.10.43.202 ansible_port=2222 ansible_user=dev2
+; 10.10.43.203 ansible_port=2222 ansible_user=dev2
+; 10.10.43.204 ansible_port=2222 ansible_user=dev2
+; 10.10.43.205 ansible_port=2222 ansible_user=dev2
+; 10.10.43.206 ansible_port=2222 ansible_user=dev2
+; 10.10.43.207 ansible_port=2222 ansible_user=dev2
+; 10.10.43.208 ansible_port=2222 ansible_user=dev2
+; 10.10.43.210 ansible_port=2222 ansible_user=dev2
+; 10.10.43.211 ansible_port=2222 ansible_user=dev2
+; 10.10.43.212 ansible_port=2222 ansible_user=dev2
+; 10.10.43.213 ansible_port=2222 ansible_user=dev2
+; 10.10.43.214 ansible_port=2222 ansible_user=dev2
+; 10.10.43.215 ansible_port=2222 ansible_user=dev2
+; 10.10.43.216 ansible_port=2222 ansible_user=dev2
+; 10.10.43.217 ansible_port=2222 ansible_user=dev2
+; 10.10.43.218 ansible_port=2222 ansible_user=dev2
+; 10.10.43.224 ansible_port=2222 ansible_user=dev2
+; 10.10.43.225 ansible_port=2222 ansible_user=dev2
+; 10.10.43.226 ansible_port=2222 ansible_user=dev2
+; 10.10.43.227 ansible_port=2222 ansible_user=dev2
+; 10.10.43.228 ansible_port=2222 ansible_user=dev2
+; 10.10.43.235 ansible_port=2222 ansible_user=dev2
+; 10.10.43.236 ansible_port=2222 ansible_user=dev2
+; 10.10.43.252 ansible_port=2222 ansible_user=dev2

 [nas]
 10.10.43.42 ansible_port=2222 ansible_user=exemdev2
--- a/ansible/security_check/roles/security_check/tasks/main.yml
+++ b/ansible/security_check/roles/security_check/tasks/main.yml
@@ -1,5 +1,5 @@
 ---
 - include: start.yml

- include: create_readme.yml
-  when: "'nas' in group_names"
+# - include: create_readme.yml
+#   when: "'nas' in group_names"
--- a/ansible/security_check/roles/security_check/tasks/start.yml
+++ b/ansible/security_check/roles/security_check/tasks/start.yml
@@ -6,73 +6,73 @@
  delegate_to: 127.0.0.1
  when: "'nas' in group_names"

- name: Old Result File Delete
-  shell: |
-    rm -rf /volume1/platform/05_Security_check/*
-  when: "'nas' in group_names"
+# - name: Old Result File Delete
+#   shell: |
+#     rm -rf /volume1/platform/05_Security_check/*
+#   when: "'nas' in group_names"

- name: Copy Security Check Script
-  copy:
-    src: "{{ role_path }}/files/ubuntu.sh"
-    dest: /tmp/ubuntu.sh
-  when: ansible_facts['os_family'] == 'Debian'
+# - name: Copy Security Check Script
+#   copy:
+#     src: "{{ role_path }}/files/ubuntu.sh"
+#     dest: /tmp/ubuntu.sh
+#   when: ansible_facts['os_family'] == 'Debian'

- name: Copy Security Check Script
-  copy:
-    src: "{{ role_path }}/files/rocky.sh"
-    dest: /tmp/rocky.sh
-  when: ansible_facts['os_family'] == 'RedHat'
+# - name: Copy Security Check Script
+#   copy:
+#     src: "{{ role_path }}/files/rocky.sh"
+#     dest: /tmp/rocky.sh
+#   when: ansible_facts['os_family'] == 'RedHat'

- name: Start Security Check Script (become -> true)
-  shell: |
-    chdir
-    bash /tmp/ubuntu.sh
-    rm -rf /tmp/ubuntu.sh
-  become: true
-  when: ansible_facts['os_family'] == 'Debian'
+# - name: Start Security Check Script (become -> true)
+#   shell: |
+#     chdir
+#     bash /tmp/ubuntu.sh
+#     rm -rf /tmp/ubuntu.sh
+#   become: true
+#   when: ansible_facts['os_family'] == 'Debian'

- name: Start Security Check Script (become -> true)
-  shell: |
-    chdir
-    bash /tmp/rocky.sh
-    rm -rf /tmp/rocky.sh
-  become: true
-  when: ansible_facts['os_family'] == 'RedHat'
+# - name: Start Security Check Script (become -> true)
+#   shell: |
+#     chdir
+#     bash /tmp/rocky.sh
+#     rm -rf /tmp/rocky.sh
+#   become: true
+#   when: ansible_facts['os_family'] == 'RedHat'

- name: Copy Result File to Local
-  fetch:
-    src: "/tmp/{{ ansible_hostname }}.{{ ansible_host }}.txt"
-    dest: "~/checklist/"
-    flat: yes
-  when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'RedHat'
+# - name: Copy Result File to Local
+#   fetch:
+#     src: "/tmp/{{ ansible_hostname }}.{{ ansible_host }}.txt"
+#     dest: "~/checklist/"
+#     flat: yes
+#   when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'RedHat'

- name: Delete Result File (become -> true)
-  file:
-    path: "/tmp/{{ ansible_hostname }}.txt"
-    state: absent
-  become: true
-  when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'RedHat'
+# - name: Delete Result File (become -> true)
+#   file:
+#     path: "/tmp/{{ ansible_hostname }}.txt"
+#     state: absent
+#   become: true
+#   when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'RedHat'

- name: Find Copy File Name
-  shell: ls -l ~/checklist/ | awk 'NR>1 {print $9}'
-  register: copy_file
-  delegate_to: 127.0.0.1
-  when: "'nas' in group_names"
+# - name: Find Copy File Name
+#   shell: ls -l ~/checklist/ | awk 'NR>1 {print $9}'
+#   register: copy_file
+#   delegate_to: 127.0.0.1
+#   when: "'nas' in group_names"

- debug:
-    msg: "파일 {{ copy_file.stdout_lines }} 발견"
-  when: "'nas' in group_names"
+# - debug:
+#     msg: "파일 {{ copy_file.stdout_lines }} 발견"
+#   when: "'nas' in group_names"

- name: Copy Result File to NAS
-  copy:
-    src: "~/checklist/{{ item }}"
-    dest: /volume1/platform/05_Security_check
-  with_items: "{{ copy_file.stdout_lines }}"
-  when: "'nas' in group_names"
+# - name: Copy Result File to NAS
+#   copy:
+#     src: "~/checklist/{{ item }}"
+#     dest: /volume1/platform/05_Security_check
+#   with_items: "{{ copy_file.stdout_lines }}"
+#   when: "'nas' in group_names"

- name: Delete Result File (become -> true)
-  file:
-    path: "~/checklist/"
-    state: absent
-  delegate_to: 127.0.0.1
-  when: "'nas' in group_names"
+# - name: Delete Result File (become -> true)
+#   file:
+#     path: "~/checklist/"
+#     state: absent
+#   delegate_to: 127.0.0.1
+#   when: "'nas' in group_names"