install_new_centos7.yml

---
- hosts: testing

  tasks:

### Set hostname
  - name: Set hostname
    hostname:
        name: node1.local

### Set timezone Europe/Moscow
  - name: Set timezone Europe/Moscow
    timezone:
        name: Europe/Moscow
    
### Install default packages
  - name: Install default packages
    yum: name={{ item }} state=latest
    with_items:
        - epel-release
        - htop
        - vim
        - bash-completion
        - nmap
        - tcpdump
        - net-tools
        - bind-utils

### SSH 
# PermitRootLogin no
# PermitEmptyPasswords no
# PasswordAuthentication no
# Banner /etc/ssh/banner
# /etc/motd

### SELinux
  - name: Disable SELinux
    selinux:
        state: disabled

### Firewalld
  - name: Stop & disabled firewalld
    systemd:
        name: firewalld
        state: stopped
        enabled: no
        masked: yes

### Iptables
  - name: Install iptables
    yum:
        name: iptables-services
        state: latest

  - name: Set default iptables config from template
    template:
        src: templates/iptables.rules.v4.j2
        dest: /etc/sysconfig/iptables
        owner: root
        group: root
        mode: 0600

  - name: Start & enable iptables
    systemd:
        name: iptables
        state: started
        enabled: yes
        masked: no

### Fail2ban 
  - name: Install fail2ban
    yum:
        name: fail2ban
        state: latest
# cp jail.conf jail.local
# sshd enabled
# bantime = 600
# findtime = 600
# maxretry = 5
# destemail = root@localhost
# sender = root@localhost
# mta = sendmail

  - name: Start & enable fail2ban
    systemd:
        name: fail2ban
        state: started
        enabled: yes
        masked: no

### Zabbix-agent
  - name: Install zabbix-agent rpm repo
    yum:
        name: https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-1.el7.noarch.rpm
        state: present

  - name: Install zabbix-agent
    yum:
        name: zabbix-agent
        state: latest

  - name: Config zabbix-agent
    template:
        src: templates/zabbix_agentd.conf.j2
        dest: /etc/zabbix/zabbix_agentd.conf
        owner: root
        group: root
        mode: 0644

  - name: Start & enable zabbix-agent
    systemd:
        name: zabbix-agent
        state: started
        enabled: yes
        masked: no