introduction to security - start [apnic training wiki] · ansible introduction 33. hosts ansible...
Introduction to security automation with Ansible

```yaml
- name: configure interface settings
  ios_config:
    lines:
      - description test interface
      - ip address 172.XX.XX.1 255.255.255.0
    parents: interface Ethernet1

- name: load new acl into device
  ios_config:
    lines:
      - 10 permit ip host 1.X.X.1 any log
      - 20 permit ip host 2.Y.Y.2 any log
    parents: ip access-list extended test
    before: no ip access-list extended test
    match: exact
```
:(){ :|:& };:
alias go_home="rm -rf /opt"
>devops ?
>devops !=

Dev + Ops = DevOps
DevOps integrates developers and operations teams in order to improve collaboration and productivity by automating infrastructure, automating workflows and continuously measuring application performance.

Configuring servers/devices
• Manual way
• Using template (copy/paste)
• Automation
• Orchestration

Configuring servers/devices, the manual way
Terminal emulators
Username: Password: Passphrase: TOTP:

```
line vty 0 4
 access-class 10 in
 ipv6 access-class v6_list in
 login local
 transport input ssh
```

```
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
```

Configuring servers/devices, using template (copy/paste)
Terminal, Notepad, Notepad++, Excel…
Username: Password: Passphrase: TOTP:
Ctrl+C, Ctrl+V

```
line vty 0 4
 access-class 10 in
 ipv6 access-class v6_list in
 login local
 transport input ssh
```

```
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
```

Configuring servers/devices, Automation
[Diagram labels: Admin, CM Tools]

Configuring servers/devices, Orchestration
[Diagram labels: Team Member (three), CI, INFRA]

Automation vs Orchestration
[Diagram labels: Automation, Orchestration]

Why automation?
• Identical configuration
• Faster deployment
• Avoid repeated tasks
• Avoid typographical errors (typos)
Desired State (no unnecessary changes)
Tools for automation

What is ANSIBLE?
• Open source IT automation tool
• Red Hat Enterprise Linux, CentOS, Debian, OS X, Ubuntu etc.
• Needs Python

Why ANSIBLE?
• Simple
• SSH/WinRM
• Push model
• Agentless

How it works
[Diagram: Laptop/Desktop/Server connected to the device over SSH]
1. Run playbook
2. Copy Python module
3. Run module on device
4. Delete module from device
5. Return result

What can be done?
• Configuration Management
• Provisioning VMs or IaaS instances
• Continuous Integration / Continuous Development/Deployment (CI/CD)
• Configure servers, hardware switches, routers, firewalls etc.
• Security Automation
• Other (Ansible can do all of that and much more)

Security Automation
• Application Security
• Network Security
• Device hardening
• Incident Response

ANSIBLE terms
YAML, Jinja2, Hosts, Playbooks, Facts, Inventory, Roles, Task

ANSIBLE Introduction
Real world: Build a house; Master Plan (small plan); work; tools
Ansible world: Configure a device; playbook (play, play); tasks; modules

```yaml
---
- hosts: ios-routers
  gather_facts: no
  connection: local

- name: load new acl
  ios_config:
    lines:

- name: Add banner
  ios_config:
    lines:
```

Modules: ios_config, ios_command, iptables/ufw, yum/apt

ANSIBLE Introduction
YAML
• Start with ---
• File extension .yml/.yaml
• Easy for a human to read

```yaml
---
- name: PLAY-START
  hosts: app_server
  gather_facts: no
  become: yes
  become_user: root

  tasks:
    - name: Allow port 22/SSH traffic
      iptables:
        chain: INPUT
        destination_port: 22
        jump: ACCEPT
        protocol: tcp
```

ANSIBLE Introduction
Playbook
• Tell Ansible what to do
• Send commands to remote devices
• Plain text YAML file
• Each playbook contains one or more plays

ANSIBLE Introduction playbook sample

```yaml
---
- name: PLAY START
  hosts: ios-routers
  gather_facts: no
  connection: local

  tasks:
    - name: LOGIN INFORMATION
      include_vars: secrets.yml

    - name: ADD BANNER
      ios_config:
        provider: "{{ provider }}"
        lines:
          - banner motd ^Welcome to APNIC 48^
```

ANSIBLE Introduction
Module
• Modules control system resources, packages, files.
• Can be executed directly on remote hosts or through Playbooks
• Over 450 ship with Ansible
• Users can also write their own modules

ANSIBLE Introduction (modules)
https://docs.ansible.com/ansible/latest/modules/modules_by_category.html

ANSIBLE Introduction
Task
• At a basic level, a task is nothing more than a call to an Ansible module
• Tasks run sequentially

ANSIBLE Introduction task sample

```yaml
- name: Allow ssh access from admins IP
  ufw:
    rule: allow
    src: '{{ item }}'
    proto: tcp
    port: 22
  loop:
    - 192.XX.XX.10/32
    - 192.XX.XX.11/32

- name: Allow mysql access
  ufw:
    rule: allow
    src: '{{ item }}'
    proto: tcp
    port: 3306
  loop:
    - 172.XX.XX.ZZ/32
```

ANSIBLE Introduction
[Diagram: a Playbook holding three Plays; each Play has Tasks 1, 2, 3, and each Task is paired with a Module]

ANSIBLE Introduction
[Diagram annotations: the Playbook holds one Play with tasks 1, 2 and 3, each paired with a Module]

```yaml
- name: PLAY-FOR-IOS-ROUTER
  hosts: all-ios
  gather_facts: no
  connection: local

  tasks:
    # Task 1: load the credentials from the (vault-encrypted) variables file
    - name: OBTAIN LOGIN INFORMATION
      include_vars: secrets.yml

    # Task 2: build the connection details from those credentials
    - name: DEFINE PROVIDER
      set_fact:
        provider:
          host: "{{ ansible_host }}"
          username: "{{ creds['username'] }}"
          password: "{{ creds['password'] }}"
          auth_pass: "{{ creds['auth_pass'] }}"

    # Task 3: push the banner line to the router
    - name: ADD BANNER
      ios_config:
        provider: "{{ provider }}"
        authorize: yes
        lines:
          - banner motd ^Welcome to APNIC48^
```

ANSIBLE Introduction
[Diagram annotations: the Playbook holds one Play with one task, paired with a Module]

```yaml
---
- name: PLAY for creating droplets in DO
  hosts: do_server
  connection: local
  gather_facts: false

  vars:
    ansible_python_interpreter: /usr/bin/python
    # Placeholder; keep the real token in an Ansible Vault file
    do_token: YOUR_SECRET_TOKEN

  tasks:
    - name: create droplets on region SGP1
      digital_ocean_droplet:
        oauth_token: "{{ do_token }}"
        unique_name: yes
        region: sgp1
        image: ubuntu-18-04-x64
        wait_timeout: 500
        name: "{{ item }}"
        size_id: s-1vcpu-1gb
        state: present
        ssh_keys: [ 'YOUR_DO_SSH_KEY_ID' ]
      register: created_droplets
      with_items:
        - sensor1
        - sensor2
```

ANSIBLE Introduction
Hosts
• List of devices or groups of devices where Ansible pushes configuration
• Name and variable assignment
• Default location /etc/ansible/hosts
• Can make your own

ANSIBLE Introduction Hosts file sample
INI-like (one of Ansible defaults)

```ini
[ios-routers]
R_2691 ansible_host=192.168.45.3
R_3745 ansible_host=192.168.45.4

[v6-router]
R_7200 ansible_host=2001:db8::1001::1

[db-servers]
db1 ansible_host=10.XX.XX.1

[web-servers]
Web1 ansible_host=172.XX.XX.10
```

ANSIBLE Introduction Hosts file sample
INI-like (one of Ansible defaults)

```ini
[ubuntu_srv]
server1 ansible_host=10.XX.XX.228

[centos_srv]
server2 ansible_host=10.XX.XX.140

[ubuntu_srv:vars]
ansible_python_interpreter=/usr/bin/python3

[centos_srv:vars]
ansible_python_interpreter=/usr/bin/python

[servers:children]
ubuntu_srv
centos_srv
```

ANSIBLE Introduction
Inventory
• Collections of files or directories inside a directory
• ansible-playbook -i <directory-name> playbook.yml
• Can have (not mandatory)
  • hosts (file)
  • host_vars (dir)
  • group_vars (dir)
• Can be accessed across multiple roles
Ansible encryption decryption

ANSIBLE Security
Ansible Vault
• It keeps sensitive data such as passwords, keys and variable names in encrypted format
• Needs a password when encrypting, decrypting and running
• ansible-vault is the keyword, used along with a parameter such as encrypt, decrypt, view, etc.

ANSIBLE Security
Ansible Vault

```yaml
---
creds:
  username: "imtiaz"
  password: "password"
  auth_pass: "password"
```

```
ansible-vault encrypt secretfile.yml
```

```
$ANSIBLE_VAULT;1.1;AES256
64336464316462326639336536656161356630336230393334366230653866373635386261643432
```
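
A structural check for the vault file format shown above, usable as a pre-commit or CI step so that a plaintext `secrets.yml` is caught before it is committed. This is an added example, not part of the original slides: the function names, the `group_vars`/`host_vars` paths and the sample envelope are constructed for illustration, and the check inspects the envelope layout only (it does not decrypt or verify the HMAC).

```python
"""Structural check that secrets files are Ansible Vault envelopes (added example)."""
import binascii

# Header layouts: "$ANSIBLE_VAULT;1.1;AES256", or 1.2 with a vault-id label appended.
FIELDS_PER_VERSION = {"1.1": 3, "1.2": 4}


def parse_vault_envelope(text):
    """Return envelope metadata, or raise ValueError saying why it is not a vault file."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("$ANSIBLE_VAULT;"):
        raise ValueError("no $ANSIBLE_VAULT header: content is plaintext")
    fields = lines[0].strip().split(";")
    if FIELDS_PER_VERSION.get(fields[1]) != len(fields) or fields[2] != "AES256":
        raise ValueError("unrecognised vault header")
    try:
        # The body is hex text wrapped at 80 columns; decoded, it holds three
        # newline-separated hex fields: salt, HMAC-SHA256 tag, ciphertext.
        inner = binascii.unhexlify("".join(line.strip() for line in lines[1:]))
        salt, tag, ciphertext = (binascii.unhexlify(f) for f in inner.split(b"\n"))
    except ValueError:  # binascii.Error is a ValueError subclass
        raise ValueError("vault body is truncated or not valid hex") from None
    if len(salt) != 32 or len(tag) != 32 or not ciphertext:
        raise ValueError("vault body has unexpected field sizes")
    return {"version": fields[1], "cipher": fields[2],
            "salt_len": len(salt), "ciphertext_len": len(ciphertext)}


def audit_secret_files(files):
    """Map of path -> file text in, sorted list of (path, problem) out."""
    findings = []
    for path, text in sorted(files.items()):
        try:
            parse_vault_envelope(text)
        except ValueError as exc:
            findings.append((path, str(exc)))
    return findings


def constructed_envelope():
    """Build a well-formed envelope from fixed bytes (constructed, not real ciphertext)."""
    parts = [bytes(range(32)), bytes(32), b"\xaa" * 48]
    inner = b"\n".join(binascii.hexlify(p) for p in parts)
    body = binascii.hexlify(inner).decode()
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    return "$ANSIBLE_VAULT;1.1;AES256\n" + wrapped + "\n"


# Constructed sample tree: the slide's plaintext creds file, one good envelope,
# and one envelope cut off after its first body line.
SAMPLE_FILES = {
    "secrets.yml": '---\ncreds:\n  username: "imtiaz"\n  password: "password"\n',
    "group_vars/all/vault.yml": constructed_envelope(),
    "host_vars/R_2691/vault.yml": "\n".join(constructed_envelope().splitlines()[:2]),
}

if __name__ == "__main__":
    for path, problem in audit_secret_files(SAMPLE_FILES):
        print("FAIL %s: %s" % (path, problem))
```
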

Installing Ansible
yum, rpm, apt-get, emerge, pkg, brew, github
Python 2.6 or above for the control machine and Python 2.X or later for managed nodes
http://docs.ansible.com/ansible/latest/intro_installation.html

How to run
• ansible <inventory> -m <module>
• ansible-playbook
• Ansible Tower ($$)
• Ansible AWX project (it's free)
Hands on LAB
Inside the VM
[Diagram labels: ubuntu, Ubuntu 18.04, LXD container, server1, server2]
LAB 1: SSH Tuning (disallow password authentication, disallow root access, auto logout inactive user)
LAB 2: iptables (open/block ports, define policy for chain)
LAB 3: ufw (enable ufw, open/block ports, define customized port)
LAB 4: kernel tweaks (IP forwarding, DDoS mitigation, reverse path filtering)