Using Ansible Modules to Manage Security in Your Environment

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

Security is paramount in many industries today. Ansible can help make sure your environment is set up as your security office requires by pushing out changes and ensuring that current settings are live. In this lab, we’ll practice firewall and SELinux configuration.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Ensure Ports 80 and 22 Are the Only Open Ports on Webservers

Your playbook should look similar to the following:

```
---
- name: webserver firewall rules
  hosts: webservers
  become: yes

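  tasks:
   # permanent: write the rule to the saved configuration so it survives reloads and reboots
   # immediate: also apply the rule to the running firewall
   - name: ssh firewall rules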
     firewalld:
      permanent: yes
      state: enabled
      immediate: yes
      service: ssh

   - name: http firewall rules
     firewalld:
      permanent: yes
      state: enabled
      immediate: yes
      service: http
```
Ensure Ports 5432 and 22 Are the Only Open Ports on dbservers

Your playbook should contain something similar to the following:

```
- name: Set up firewalls on dbservers
  hosts: dbservers
  become: yes

  tasks:
   - name: ssh firewall rules
     firewalld:
      permanent: yes
      state: enabled
      immediate: yes
      service: ssh

   - name: postgres rules
     firewalld:
      permanent: yes
      state: enabled
      immediate: yes
      service: postgresql
```
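
The two plays above only add services; anything already enabled in the zone stays open, so they do not by themselves make 80 and 22 (or 5432 and 22) the only open ports. The following added example, which is not part of the lab's own solution, enforces an allow-list on the default zone's permanent configuration. The variable names `allowed_services`, `current_services` and `current_ports` are assumptions chosen for illustration; for dbservers, change `hosts` and replace `http` with `postgresql`.

```yaml
---
# Added example: enforce an allow-list instead of only adding services.
# allowed_services, current_services and current_ports are illustrative names.
- name: Enforce firewall allow-list on webservers
  hosts: webservers
  become: yes
  vars:
    allowed_services:
      - ssh
      - http

  tasks:
    - name: Enable every service in the allow-list
      firewalld:
        service: "{{ item }}"
        permanent: yes
        immediate: yes
        state: enabled
      loop: "{{ allowed_services }}"

    - name: Read services enabled in the default zone
      command: firewall-cmd --permanent --list-services
      register: current_services
      changed_when: false   # read-only query, never reports a change
      check_mode: no        # safe to run even with --check

    - name: Disable services that are not in the allow-list
      firewalld:
        service: "{{ item }}"
        permanent: yes
        immediate: yes
        state: disabled
      loop: "{{ current_services.stdout.split() | difference(allowed_services) }}"

    - name: Read ports opened directly (outside any service definition)
      command: firewall-cmd --permanent --list-ports
      register: current_ports
      changed_when: false
      check_mode: no

    - name: Close directly opened ports
      firewalld:
        port: "{{ item }}"          # entries look like 8080/tcp
        permanent: yes
        immediate: yes
        state: disabled
      loop: "{{ current_ports.stdout.split() }}"
```

This covers services and ports in the default zone only; rich rules and other zones need the same treatment if they are in use.
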
Enable SELinux on All Servers

Your playbook should look similar to the following:

```
- name: SELinux
  hosts: all
  become: yes

  tasks:
   # Switching a host from disabled to enforcing only takes effect after a reboot
   - name: Enable SELinux
     selinux:
      state: enforcing
      policy: targeted
```

Additional Resources

Scenario

Your security team is interested in your Ansible proof of concept setup. They'd like to see if it could help them in ensuring that firewalls are set up correctly and that SELinux is running throughout your environment.

Write a playbook to restrict open ports to only the relevant ones on webservers and dbservers, and enable SELinux on all servers in the environment.


Log in to the lab using the credentials provided:

```
ssh cloud_user@<PUBLIC IP ADDRESS>
```

Become the root user:

```
sudo -i
```
