Install and configure CSF/LFD
CSF/LFD is a set of Perl scripts, so a Perl interpreter is required. Many popular distros come with Perl installed by default; nevertheless, this role will install Perl if it is missing.
The full list of required packages (installed by this role) is defined in the csf_required_packages and csf_required_packages_dist variables.
Available variables with their default values can be found in defaults/main.yml.
None.
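# Example play: apply the likg.csf role to the "servers" group.
# Privilege escalation is enabled; the role installs packages, and the example
# vars file below ships a script that calls /sbin/iptables.
- hosts: servers
  become: true
  roles:
    - role: likg.csf
  # Role variables (csf_global_ini, csf_allow, ...) are read from this file.
  vars_files:
    - path_to_vars.yml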
File path_to_vars.yml:
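# Example role variables. Values are illustrative; review each one against the
# host's real exposure before applying.

# Option/value pairs, presumably written into csf.conf by the role (confirm in
# the role's templates).
csf_global_ini:
  # NOTE(review): per the comments in csf.conf, "2" only silences the
  # RESTRICT_SYSLOG warning, while "3" (log socket access limited to a group)
  # is the value csf.conf recommends; confirm against the installed csf.conf.
  - option: RESTRICT_SYSLOG
    value: "2"
  - option: URLGET
    value: "2"
  # The Jinja expression adds the SSH port Ansible connects on (22 when
  # ansible_port is unset), so applying the rules does not cut off management
  # access.
  # NOTE(review): 30000:65535 accepts inbound TCP on every high port from any
  # source; narrow it to the range a service actually needs.
  - option: TCP_IN
    value: "80,443,{{ hostvars[inventory_hostname]['ansible_port'] | default('22') }},30000:65535"
  # Egress filtering only helps if this list stays short; drop ports the host
  # never needs to reach.
  - option: TCP_OUT
    value: "20,21,22,25,37,43,53,80,123,443,873,953,8080,9418,{{ hostvars[inventory_hostname]['ansible_port'] | default('22') }},30000:65535"
  - option: UDP_IN
    value: "53"
  - option: UDP_OUT
    value: "20,21,43,53,113,123,58745,30000:65535"

# Addresses presumably rendered to csf.allow, i.e. allowed through the
# firewall. Keep the list minimal and limited to addresses you control.
# NOTE(review): 172.16.1.1/29 has host bits set; the network address of that
# block is 172.16.1.0/29.
csf_allow:
  - 10.10.10.10
  - 172.16.1.1/29

# Addresses presumably rendered to csf.ignore, i.e. never blocked by LFD even
# after repeated login failures. Each entry removes brute-force protection for
# that source.
csf_ignore:
  - 10.10.10.10
  - 172.16.1.1/29

# Process-tracking exemptions. A "user:" entry exempts every process owned by
# that account, which is much broader than an "exe:" entry.
csf_pignore:
  - 'exe:/usr/sbin/nginx'
  - 'user:mysql'

# Path patterns (regular expressions) excluded from LFD's suspicious-file
# checks.
csf_fignore:
  - '/tmp/\.horde'
  - '/tmp/\.horde/.*'

# Blocklists to enable by name.
csf_blocklists:
  - "SPAMDROP"

# Shell script content, presumably installed as csfpre.sh, which CSF runs
# before it loads its own rules.
# NOTE(review): flushing nat POSTROUTING removes every rule in that chain,
# including MASQUERADE/SNAT rules added by other software on the host; check
# that nothing else depends on them.
csf_csfpre_sh: |
  #!/bin/bash
  /sbin/iptables -t nat -F POSTROUTING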
MIT
This role was created by Lik.