Using Ansible Modules to Manage Security in Your Environment

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

Security is paramount in many industries today. Ansible can help you make sure your environment is set up as your security office requires by pushing out changes and ensuring that current settings are live. In this lab we’ll practice firewall and SELinux configuration.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Ensure ports 80 and 22 are the only open ports on webservers.

Your playbook should look similar to the following:

---
- name: webserver firewall rules
  hosts: webservers
  become: yes

  tasks:
   # permanent + immediate: write the rule to disk and apply it to the running firewall
   - name: ssh firewall rules
     firewalld:
      permanent: yes
      state: enabled
      immediate: yes
      service: ssh

   # the http service definition opens 80/tcp
   - name: http firewall rules
     firewalld:
      permanent: yes
      state: enabled
      immediate: yes
      service: http

Ensure ports 5432 and 22 are the only open ports on dbservers.

Your playbook should contain something similar to the following:

- name: db firewall rules
  hosts: dbservers
  become: yes

  tasks:
   - name: ssh firewall rules
     firewalld:
      permanent: yes
      state: enabled
      immediate: yes
      service: ssh

   # the postgresql service definition opens 5432/tcp
   - name: postgresql firewall rules
     firewalld:
      permanent: yes
      state: enabled
      immediate: yes
      service: postgresql

Enable SELinux on all servers.

Your playbook should look similar to the following:

- name: SELinux
  hosts: all
  become: yes

  tasks:
   - name: Enable SELinux
     selinux:
      state: enforcing
      policy: targeted
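
The playbooks above open the required services but do not close anything that was already open, so "the only open ports" still has to be enforced and checked. The following is an added example, not part of the lab's own solution: it removes any firewalld service outside the allow-list, fails if raw ports are open, and confirms SELinux is enforcing at runtime. It assumes the `webservers` and `dbservers` groups from the lab, that only the default firewalld zone is in use, and that the `firewalld` module is available under its short name as in the playbooks above.

```yaml
---
# Added example: enforcement and audit plays, not the lab's solution.
- name: Enforce and verify the firewalld allow-list
  hosts: webservers:dbservers
  become: yes
  vars:
    # Allow-list per inventory group, taken from the lab objectives.
    expected_services: "{{ ['ssh', 'http'] if 'webservers' in group_names else ['ssh', 'postgresql'] }}"

  tasks:
    - name: Read services allowed in the default zone
      command: firewall-cmd --permanent --list-services
      register: fw_services
      changed_when: false

    - name: Read ports opened outside of service definitions
      command: firewall-cmd --permanent --list-ports
      register: fw_ports
      changed_when: false

    - name: Close every service that is not on the allow-list
      firewalld:
        service: "{{ item }}"
        permanent: yes
        immediate: yes
        state: disabled
      loop: "{{ fw_services.stdout.split() | difference(expected_services) }}"

    - name: Fail if any raw port is open
      assert:
        that: fw_ports.stdout | trim | length == 0
        fail_msg: "Unexpected open ports: {{ fw_ports.stdout }}"

- name: Verify SELinux is enforcing at runtime
  hosts: all
  tasks:
    # ansible_facts.selinux has no 'mode' key when SELinux is disabled
    - name: Check the running SELinux mode from gathered facts
      assert:
        that: ansible_facts.selinux.mode | default('disabled') == 'enforcing'
        fail_msg: "SELinux is not enforcing on {{ inventory_hostname }}"
```

A host that had SELinux disabled only becomes enforcing after a reboot, so the second play can fail immediately after the lab playbook runs on such a host.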

Additional Resources

Notice: Ansible is installed as the root user, so please work on all tasks after elevating to the root user.

Your Security team has become interested in your Ansible proof of concept setup. They'd like to see if it could help them in ensuring that firewalls are set up correctly and that SELinux is running throughout your environment.

Write a playbook to restrict open ports to only the relevant ones on webservers and dbservers, and enable SELinux on all servers in the environment.
