API tools faq
paste
Advertisement
ZX_CV

main.yaml

ZX_CV
Apr 28th, 2024
926
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
YAML 4.03 KB | None | 0 0
raw download clone embed print report
  1. main.yaml
  2.  
  3. ---
  4. - name: Konfigurasi Port IP Services
  5.   hosts: routers
  6.   gather_facts: no
  7.   tasks:
  8.     - name: Nonaktifkan layanan FTP IP
  9.       community.routeros.command:
  10.         commands:
  11.          - "/ip service set ftp disabled=yes"
  12.     - name: Nonaktifkan layanan Telnet IP
  13.       community.routeros.command:
  14.         commands:
  15.          - "/ip service set telnet disabled=yes"
  16.     - name: Nonaktifkan layanan WWW IP
  17.       community.routeros.command:
  18.         commands:
  19.          - "/ip service set www disabled=yes"
  20.           - "/ip service set www-ssl disabled=yes"
  21.     - name: Nonaktifkan API
  22.       community.routeros.command:
  23.         commands:
  24.          - "/ip service set api disabled=yes"
  25.     - name: Nonaktifkan API SSL
  26.       community.routeros.command:
  27.         commands:
  28.          - "/ip service set api-ssl disabled=yes"
  29.  
  30. - name: Nonaktifkan unnecessary tools
  31.   hosts: routers
  32.   gather_facts: no
  33.   tasks:
  34.     - name: Nonaktifkan BTest Server
  35.       community.routeros.command:
  36.         commands:
  37.          - "/tool bandwidth-server set enabled=no authenticate=yes"
  38.  
  39. - name: Firewall filter memcrashed
  40.   hosts: routers
  41.   gather_facts: no
  42.   tasks:
  43.     - name: Drop UDP memcrashed
  44.       community.routeros.command:
  45.         commands:
  46.          - "/ip firewall filter add chain=input dst-port=11211 protocol=udp action=drop comment=\"Memcrashed - Amplification Attacks UDP 11211\""
  47.           - "/ip firewall filter add chain=forward dst-port=11211 protocol=udp action=drop comment=\"Memcrashed - Amplification Attacks UDP 11211\""
  48.  
  49. #menambahkan_anti_port_scanner
  50. - name: Anti port scanner
  51.   hosts: routers
  52.   gather_facts: no
  53.   tasks:
  54.     - name: Drop port scanners
  55.       community.routeros.command:
  56.         commands:
  57.          - "/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=\"port scanners\" address-list-timeout=2w comment=\"Mark Source ip port scanner to Address list\" disabled=no"
  58.           - "/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=\"port scanners\" address-list-timeout=2w comment=\"NMAP FIN Stealth scan\""
  59.           - "/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=\"port scanners\" address-list-timeout=2w comment=\"SYN/FIN scan\""
  60.           - "/ip firewall filter add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=\"port scanners\" address-list-timeout=2w comment=\"SYN/RST scan\""
  61.           - "/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=\"port scanners\" address-list-timeout=2w comment=\"FIN/PSH/URG scan\""
  62.           - "/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=\"port scanners\" address-list-timeout=2w comment=\"ALL/ALL scan\""
  63.           - "/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=\"port scanners\" address-list-timeout=2w comment=\"NMAP NULL scan\""
  64.           - "/ip firewall filter add chain=input src-address-list=\"port scanners\" action=drop comment=\"Drop port scanners\" disabled=no"
  65.  
  66. #mengaktifkan_SNMP
  67. - name: Mengaktifkan SNMP
  68.   hosts: routers
  69.   gather_facts: no
  70.   tasks:
  71.     - name: Aktifkan SNMP
  72.       community.routeros.command:
  73.         commands:
  74.          - "/snmp set enabled=yes"
  75.  
  76.     - name: Atur trap community
  77.       community.routeros.command:
  78.         commands:
  79.          - "/snmp set trap-community=public"
  80.  
  81.     - name: Atur trap version
  82.       community.routeros.command:
  83.         commands:
  84.          - "/snmp set trap-version=3"
  85.  
  86. #disable_admin.yaml
  87. - name: Menonaktifkan pengguna admin
  88.   hosts: routers
  89.   gather_facts: no
  90.   tasks:
  91.     - name: Menonaktifkan pengguna admin
  92.       community.routeros.command:
  93.         commands:
  94.          - "/user disable [ find name=admin ]"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!