Drop SMB traffic ##61
This commit is contained in:
parent
ae33103ca8
commit
cfc38e3df1
6 changed files with 28 additions and 2 deletions
|
@ -34,6 +34,8 @@
|
|||
dns_enabled: "{{ dns_enabled }}"
|
||||
auditd_enabled: " {{ auditd_enabled }}"
|
||||
easyrsa_p12_export_password: "{{ easyrsa_p12_export_password }}"
|
||||
cloud_provider: digitalocean
|
||||
ipv6_support: yes
|
||||
|
||||
- name: Wait for SSH to become available
|
||||
local_action: "wait_for port=22 host={{ do.droplet.ip_address }} timeout=320"
|
||||
|
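Review bot: `auditd_enabled: " {{ auditd_enabled }}"` has a stray space inside the quotes, so the value handed to the new host is the string `" True"` / `" False"` rather than the rendered boolean the neighbouring `dns_enabled` line yields; whether a later `when: auditd_enabled` still behaves correctly then depends on how the consumer coerces a padded string, which is fragile. Drop the space: `auditd_enabled: "{{ auditd_enabled }}"`. The identical line is added in the ec2 and gce hunks below and needs the same fix. The enclosing task (the one carrying `cloud_provider: digitalocean`) starts before this hunk.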
|
|
@ -72,6 +72,8 @@
|
|||
dns_enabled: "{{ dns_enabled }}"
|
||||
auditd_enabled: " {{ auditd_enabled }}"
|
||||
easyrsa_p12_export_password: "{{ easyrsa_p12_export_password }}"
|
||||
cloud_provider: ec2
|
||||
ipv6_support: no
|
||||
with_items: "{{ ec2.instances }}"
|
||||
|
||||
- name: Wait for SSH to become available
|
||||
|
|
|
@ -23,6 +23,8 @@
|
|||
dns_enabled: "{{ dns_enabled }}"
|
||||
auditd_enabled: " {{ auditd_enabled }}"
|
||||
easyrsa_p12_export_password: "{{ easyrsa_p12_export_password }}"
|
||||
cloud_provider: gce
|
||||
ipv6_support: no
|
||||
|
||||
- name: Firewall configured
|
||||
local_action:
|
||||
|
|
|
@ -50,7 +50,7 @@
|
|||
to_destination: fcaa::1:53
|
||||
ip_version: ipv6
|
||||
notify:
|
||||
- save iptables
|
||||
- save iptables
|
||||
|
||||
- name: Dnsmasq enabled and started
|
||||
service: name=dnsmasq state=started enabled=yes
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
- name: restart rsyslog
|
||||
service: name=rsyslog state=restarted
|
||||
|
||||
|
||||
- name: save iptables
|
||||
command: service netfilter-persistent save
|
||||
|
||||
- name: flush routing cache
|
||||
shell: echo 1 > /proc/sys/net/ipv4/route/flush
|
||||
|
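Review bot: The new `save iptables` handler runs `service netfilter-persistent save`, which only works if the netfilter-persistent package and its init script are present on the target; nothing in this commit installs it, so if that is not already done elsewhere in the role the first `notify: save iptables` fails the play. Either document the dependency above the handler, e.g. `# Requires the netfilter-persistent package; see the common role`, or guard the handler so a missing service is reported clearly. If IPv6 rules are ever saved through this handler, confirm the netfilter-persistent plugin set on the host covers ip6tables too, since this commit's new rule only notifies this one handler. The list this handler lives in starts at line 1 of the file, so the whole handlers file appears to be in view.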
|
|
@ -98,3 +98,20 @@
|
|||
|
||||
- name: Do not send ICMP redirects (we are not a router)
|
||||
sysctl: name=net.ipv4.conf.all.send_redirects value=0
|
||||
|
||||
- name: Drop SMB traffic
|
||||
iptables:
|
||||
table: filter
|
||||
chain: FORWARD
|
||||
protocol: tcp
|
||||
source: 0.0.0.0/0
|
||||
destination: 0.0.0.0/0
|
||||
destination_port: "{{ item }}"
|
||||
jump: DROP
|
||||
action: insert
|
||||
with_items:
|
||||
- 137
|
||||
- 139
|
||||
- 445
|
||||
notify:
|
||||
- save iptables
|
||||
|
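Review bot: The new "Drop SMB traffic" task fixes `protocol: tcp` for all three ports, but 137 is NetBIOS name service, which runs over UDP (as does 138, datagram service); as written the rule drops the rarely used tcp/137 while udp/137 and udp/138 keep flowing through FORWARD, so the intent of the commit title is only partly met. Iterating over protocol/port pairs covers the real NetBIOS/SMB set; the `source: 0.0.0.0/0` and `destination: 0.0.0.0/0` lines are the module defaults and can be dropped. The rule is IPv4-only (the module's `ip_version` defaults to ipv4), so if the playbook forwards IPv6 traffic, as the `ipv6_support` flag in the earlier hunks suggests it can, a matching task with `ip_version: ipv6` is needed or SMB over IPv6 is not dropped at all. The sysctl task above this one continues from before the hunk.
```yaml
- name: Drop SMB traffic
  iptables:
    table: filter
    chain: FORWARD
    protocol: "{{ item.proto }}"
    destination_port: "{{ item.port }}"
    jump: DROP
    action: insert
  with_items:
    # NetBIOS name/datagram services are UDP; session service and SMB are TCP
    - { proto: udp, port: 137 }
    - { proto: udp, port: 138 }
    - { proto: tcp, port: 139 }
    - { proto: tcp, port: 445 }
  notify:
    - save iptables
```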
|