viosecure – Configures security hardening rules and firewall
Synopsis
Activates and deactivates security hardening rules.
Configures and unconfigures the firewall settings of the network.
Requirements
The requirements below are needed on the host that executes this module.
VIOS >= 2.2.5.0
Python >= 2.7
Parameters
- level (optional, str, None)
  Specifies the security level settings to choose. Specifying the high security level might cause stability or serviceability issues, especially in a cluster environment. Mutually exclusive with file.
- rule (optional, str, None)
  Specifies the name of the rule to be applied.
- file (optional, str, None)
  Specifies the security rules file to be applied. Mutually exclusive with level.
- firewall (optional, dict, None)
  Specifies the firewall state and rules.
  - ipv4 (optional, dict, None)
    Specifies the IPv4 firewall state and rules.
    - active (optional, bool, None)
      Specifies the state of the firewall.
    - default (optional, bool, None)
      Load default firewall rules. Mutually exclusive with rules.
    - rules (optional, list, None)
      Specifies the list of firewall rules.
      - present (optional, bool, True)
        Specifies whether the rule should be present or not.
      - port (True, str, None)
        Specifies the port number or a service name from the /etc/services file. All the IP activity to and from that local port is allowed.
      - interface (optional, str, None)
        Specifies the network interface name, like en0.
      - remote (optional, bool, False)
        Specifies that the port is a remote port. All the IP activity to and from that remote port is allowed.
      - address (optional, str, None)
        IP address.
      - timeout (optional, str, None)
        Timeout period. The timeout period can be specified as a number (in seconds), or as a number followed by m (minutes), h (hours), or d (days). The maximum timeout period is 30 days.
  - ipv6 (optional, dict, None)
    Specifies the IPv6 firewall state and rules.
    - active (optional, bool, None)
      Specifies the state of the firewall.
    - default (optional, bool, None)
      Load default firewall rules. Mutually exclusive with rules.
    - rules (optional, list, None)
      Specifies the list of firewall rules.
      - present (optional, bool, True)
        Specifies whether the rule should be present or not.
      - port (True, str, None)
        Specifies the port number or a service name from the /etc/services file. All the IP activity to and from that local port is allowed.
      - interface (optional, str, None)
        Specifies the network interface name, like en0.
      - remote (optional, bool, False)
        Specifies that the port is a remote port. All the IP activity to and from that remote port is allowed.
      - address (optional, str, None)
        IP address.
      - timeout (optional, str, None)
        Timeout period. The timeout period can be specified as a number (in seconds), or as a number followed by m (minutes), h (hours), or d (days). The maximum timeout period is 30 days.
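As an added example (not the module's own code), the following Python checks a `firewall` parameter against the constraints documented above before a play is run: `default` and `rules` are mutually exclusive, `port` is required in every rule, and `timeout` must be a number optionally suffixed with m, h or d and not exceed 30 days. The sample dict at the bottom is constructed for illustration.

```python
import re

MAX_TIMEOUT_SECONDS = 30 * 24 * 3600          # documented maximum: 30 days
_UNIT_SECONDS = {"": 1, "m": 60, "h": 3600, "d": 86400}
_TIMEOUT_RE = re.compile(r"^(\d+)([mhd]?)$")  # e.g. "60", "15m", "12h", "7d"


def parse_timeout(value):
    """Return the timeout in seconds; raise ValueError if malformed or > 30 days."""
    match = _TIMEOUT_RE.match(str(value).strip())
    if not match:
        raise ValueError("timeout must be a number optionally followed by m, h or d: %r" % value)
    seconds = int(match.group(1)) * _UNIT_SECONDS[match.group(2)]
    if seconds > MAX_TIMEOUT_SECONDS:
        raise ValueError("timeout %r exceeds the 30 day maximum" % value)
    return seconds


def validate_family(family):
    """Check one ipv4/ipv6 dict and return a list of human-readable problems."""
    problems = []
    if "default" in family and "rules" in family:
        problems.append("'default' and 'rules' are mutually exclusive")
    for index, rule in enumerate(family.get("rules") or []):
        if "port" not in rule:
            problems.append("rule %d: 'port' is required" % index)
        if "timeout" in rule:
            try:
                parse_timeout(rule["timeout"])
            except ValueError as err:
                problems.append("rule %d: %s" % (index, err))
    return problems


def validate_firewall(firewall):
    """Validate the whole firewall parameter (both address families)."""
    problems = []
    for name in ("ipv4", "ipv6"):
        if name in firewall:
            problems.extend("%s: %s" % (name, p) for p in validate_family(firewall[name]))
    return problems


# Constructed sample: the ipv4 block mixes 'default' with 'rules', and one
# rule asks for a 31-day timeout, so two problems are expected.
SAMPLE_FIREWALL = {
    "ipv4": {"active": True, "default": True,
             "rules": [{"present": True, "port": "login", "timeout": "31d"}]},
    "ipv6": {"active": True, "rules": [{"present": True, "port": 514, "remote": True}]},
}

if __name__ == "__main__":
    for problem in validate_firewall(SAMPLE_FIREWALL):
        print(problem)
```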
Notes
Note: Applying a high security profile might cause stability or serviceability issues, especially if the VIOS is part of a cluster environment.
Examples
- name: Apply all of the low system security settings to the system
  viosecure:
    level: low

- name: Apply security rules from file myfile
  viosecure:
    file: myfile

- name: Apply the single rule lls_maxage
  viosecure:
    level: low
    rule: lls_maxage

- name: Allow the users from IP address 10.10.10.10 to rlogin
  viosecure:
    firewall:
      ipv4:
        active: yes
        rules:
          - present: yes
            port: "login"
            address: "10.10.10.10"

- name: Allow users to rlogin for seven days
  viosecure:
    firewall:
      ipv4:
        active: yes
        rules:
          - present: yes
            port: "login"
            timeout: "7d"

- name: Allow rsh client activity through interface en0
  viosecure:
    firewall:
      ipv4:
        active: yes
        rules:
          - present: yes
            port: 514
            remote: yes
            interface: "en0"

- name: Load default firewall rules
  viosecure:
    firewall:
      ipv4:
        active: yes
        default: yes
Return Values
- msg (always, str, )
  The execution message.
- stdout (always, str, )
  The standard output.
- stderr (always, str, )
  The standard error.
- firewall (always, dict, )
  The current firewall settings.