likg.csf
Ansible Role: CSF/LFD
This role installs and sets up CSF/LFD.
Requirements
CSF/LFD is made up of Perl scripts, so it needs the Perl interpreter. Most popular distributions come with Perl already installed, but this role will install it if it's not found.
You can see the full list of required packages that this role will install in the csf_required_packages and csf_required_packages_dist variables.
Role Variables
You can find available variables and their default values in defaults/main.yml.
Dependencies
None.
Example Playbook
Here's how to use this role in a playbook:
- hosts: servers
  become: yes
  roles:
    - { role: likg.csf }
  vars_files:
    - path_to_vars.yml
In the file path_to_vars.yml, you can define your settings like this:
csf_global_ini:
  - option: RESTRICT_SYSLOG
    value: "2"
  - option: URLGET
    value: "2"
  - option: TCP_IN
    value: "80,443,{{ hostvars[inventory_hostname]['ansible_port'] | default('22') }},30000:65535"
  - option: TCP_OUT
    value: "20,21,22,25,37,43,53,80,123,443,873,953,8080,9418,{{ hostvars[inventory_hostname]['ansible_port'] | default('22') }},30000:65535"
  - option: UDP_IN
    value: "53"
  - option: UDP_OUT
    value: "20,21,43,53,113,123,58745,30000:65535"
csf_allow:
  - 10.10.10.10
  - 172.16.1.1/29
csf_ignore:
  - 10.10.10.10
  - 172.16.1.1/29
csf_pignore:
  - 'exe:/usr/sbin/nginx'
  - 'user:mysql'
csf_fignore:
  - '/tmp/\.horde'
  - '/tmp/\.horde/.*'
csf_blocklists:
  - "SPAMDROP"
csf_csfpre_sh: |
  #!/bin/bash
  /sbin/iptables -t nat -F POSTROUTING
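The TCP_IN value above templates the Ansible connection port into the allow list so that applying the firewall does not cut off SSH. The following pre-flight check is an added example, not part of this role: it parses a rendered CSF port list (comma-separated ports and low:high ranges) and reports whether the management port is still admitted. The function names and the sample data are constructed for illustration.

```python
import re

# One CSF port token: a single port ("443") or an inclusive range ("30000:65535").
_TOKEN = re.compile(r"(\d+)(?::(\d+))?", re.ASCII)


def parse_csf_ports(value):
    """Parse a rendered CSF port list into inclusive (low, high) tuples."""
    ranges = []
    for token in (t.strip() for t in value.split(",")):
        if not token:
            continue
        match = _TOKEN.fullmatch(token)
        if match is None:
            # An unrendered Jinja expression or a typo ends up here.
            raise ValueError(f"not a port or port range: {token!r}")
        low = int(match.group(1))
        high = int(match.group(2) or match.group(1))
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"port range out of bounds: {token!r}")
        ranges.append((low, high))
    return ranges


def check_management_port(csf_global_ini, port, option="TCP_IN"):
    """Return a list of problems; an empty list means the port is admitted."""
    values = [i["value"] for i in csf_global_ini if i["option"] == option]
    if not values:
        return [f"{option} is not set in csf_global_ini"]
    problems = []
    for value in values:
        try:
            ranges = parse_csf_ports(value)
        except ValueError as exc:
            problems.append(f"{option}: {exc}")
            continue
        if not any(low <= port <= high for low, high in ranges):
            problems.append(f"{option} does not admit port {port}: {value}")
    return problems


# Constructed sample: csf_global_ini after templating with ansible_port unset (22).
RENDERED = [
    {"option": "TCP_IN", "value": "80,443,22,30000:65535"},
    {"option": "UDP_IN", "value": "53"},
]

if __name__ == "__main__":
    for port in (22, 2222):
        print(port, check_management_port(RENDERED, port) or "ok")
```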
License
MIT License
Author Information
This role is created by Lik.