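---
# AFTR.yml: provisions the AFTR host of the DS-Lite test bed from localhost.
# Every task writes under /root, /sys or /proc, so the play must run as root.
- hosts: localhost
  any_errors_fatal: true
  gather_facts: false  # no task below reads facts
  tasks:
    - name: Update the machine
      tags: upd
      ansible.builtin.yum:
        # name '*' with state latest is the documented form for "update all
        # installed packages"; update_only keeps it from installing new ones
        name: '*'
        state: latest
        update_only: true

    - name: Install General Essential packages
      tags: essentials
      ansible.builtin.yum:
        name:
          - nano
          - net-tools
          - tcpdump
          - nmap
          - wireshark
          - git
          - wget
          - iproute
          - psmisc
          - yum-utils
          - chrony
          - telnet
          - iptables-services
          - conntrack
          - gcc
        state: present

    - name: Install several packages in case of deleting iptables
      tags: iptables
      ansible.builtin.yum:
        name:
          - iptables
          - iproute
          - dhclient
          - plymouth
          - initscripts
          - kbd
          - kexec-tools
          - dracut
          - firewalld
          - iptables-services
          - mlocate
        state: present

    - name: Set the timezone.
      tags: NTP
      ansible.builtin.shell: |
        timedatectl set-ntp true
        timedatectl set-timezone Europe/Berlin

    # The two template tasks below render scripts into /root and the play then
    # executes them as root, so the template sources must be trusted content.
    - name: Create networking (IP routes) file
      tags: routing
      ansible.builtin.template:
        src: /root/DS-Lite_Test_Bed/files/AFTR-networking.txt
        dest: /root/networking.sh
        owner: root
        mode: '0755'  # quoted octal; an unquoted 755 would be read as decimal

    - name: Run networking.sh
      tags: routing
      # the script lives in /root; chdir makes that explicit instead of
      # relying on a bare `cd` resolving $HOME to /root
      ansible.builtin.shell: ./networking.sh
      args:
        chdir: /root

    - name: Create ssh Brute-Force protection ip6tables rules
      tags: mitigation
      ansible.builtin.template:
        src: /root/DS-Lite_Test_Bed/files/AFTR-SSH-Protection.txt
        dest: /root/ssh-protection.sh
        owner: root
        mode: '0755'

    - name: Run ssh-protection.sh
      tags: mitigation
      ansible.builtin.shell: ./ssh-protection.sh
      args:
        chdir: /root

    - name: Create source-port extracting script
      tags: dns64perf++
      ansible.builtin.template:
        src: /root/DS-Lite_Test_Bed/files/src-port.txt
        dest: /root/src-port
        owner: root
        mode: '0755'

    - name: Set netfilter parameters such as hashize and nf_conntrack_max
      tags: netfilter
      # Both writes are runtime-only: they are lost on reboot or when the
      # nf_conntrack module is reloaded (nf_conntrack_max could be persisted
      # via sysctl.d; hashsize is a module parameter, not a sysctl).
      # `set -e` makes a failed first write fail the task instead of being
      # masked by the exit status of the second echo.
      ansible.builtin.shell: |
        set -e
        echo "16384" > /sys/module/nf_conntrack/parameters/hashsize
        echo "131072" > /proc/sys/net/netfilter/nf_conntrack_max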