- main.yaml
---
# Play 1: switch off RouterOS management services that this playbook does not
# rely on. The tasks touch ftp, telnet, www, www-ssl, api and api-ssl only;
# ssh and winbox are not changed here.
# NOTE(review): community.routeros.command talks to the router over a CLI
# connection, so disabling api/api-ssl does not cut this playbook off, but any
# community.routeros.api* based automation will stop working afterwards.
# NOTE(review): nothing in this playbook limits which source addresses may
# reach the services that stay enabled - consider setting `address=` on them
# or filtering the input chain.
- name: Konfigurasi Port IP Services
  hosts: routers
  gather_facts: false
  tasks:
    # FTP is a clear-text protocol.
    - name: Nonaktifkan layanan FTP IP
      community.routeros.command:
        commands:
          - '/ip service set ftp disabled=yes'

    # Telnet is a clear-text protocol.
    - name: Nonaktifkan layanan Telnet IP
      community.routeros.command:
        commands:
          - '/ip service set telnet disabled=yes'

    # Web management interface, both the plain and the TLS listener.
    - name: Nonaktifkan layanan WWW IP
      community.routeros.command:
        commands:
          - '/ip service set www disabled=yes'
          - '/ip service set www-ssl disabled=yes'

    # RouterOS API, plain listener.
    - name: Nonaktifkan API
      community.routeros.command:
        commands:
          - '/ip service set api disabled=yes'

    # RouterOS API, TLS listener.
    - name: Nonaktifkan API SSL
      community.routeros.command:
        commands:
          - '/ip service set api-ssl disabled=yes'
# Play 2: turn off the built-in bandwidth-test (BTest) server.
- name: Nonaktifkan unnecessary tools
  hosts: routers
  gather_facts: false
  tasks:
    # enabled=no stops the server. authenticate=yes is set in the same command,
    # presumably so that a later re-enable still requires credentials.
    - name: Nonaktifkan BTest Server
      community.routeros.command:
        commands:
          - '/tool bandwidth-server set enabled=no authenticate=yes'
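# Play 3: drop UDP/11211 (memcached) on the input and forward chains.
#
# A bare `/ip firewall filter add` is not idempotent: every playbook run would
# append another copy of the rule. Each add is therefore wrapped in a RouterOS
# `:if` guard that first looks for an existing rule with the same chain and
# comment. Both rules share one comment, so the chain is part of the lookup.
# Each folded scalar (`>-`) below is sent to the router as a single line.
#
# NOTE(review): `add` appends to the end of the chain, so an earlier accept
# rule would match first - check the resulting rule order on the router.
# NOTE(review): confirm on a lab router that the guarded form passes cleanly
# through community.routeros.command.
- name: Firewall filter memcrashed
  hosts: routers
  gather_facts: false
  tasks:
    - name: Drop UDP memcrashed
      community.routeros.command:
        commands:
          # Traffic addressed to the router itself.
          - >-
            :if ([:len [/ip firewall filter find where chain=input
            and comment="Memcrashed - Amplification Attacks UDP 11211"]] = 0)
            do={ /ip firewall filter add chain=input dst-port=11211
            protocol=udp action=drop
            comment="Memcrashed - Amplification Attacks UDP 11211" }
          # Traffic routed through the router to hosts behind it.
          - >-
            :if ([:len [/ip firewall filter find where chain=forward
            and comment="Memcrashed - Amplification Attacks UDP 11211"]] = 0)
            do={ /ip firewall filter add chain=forward dst-port=11211
            protocol=udp action=drop
            comment="Memcrashed - Amplification Attacks UDP 11211" }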
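# Play 4: add anti-port-scanner rules.
#
# Seven rules put the source address of a matching TCP packet on the
# "port scanners" address list for two weeks (address-list-timeout=2w); the
# eighth rule drops everything from addresses on that list.
#
# A bare `/ip firewall filter add` is not idempotent: every playbook run would
# append another copy of each rule. Each add is therefore wrapped in a RouterOS
# `:if` guard keyed on the rule comment, which is unique per rule in this play.
# Each folded scalar (`>-`) below is sent to the router as a single line.
#
# NOTE(review): these rules blocklist a source for two weeks on the strength of
# a few packets, and the source address of such packets is not verified. Keep
# an accept rule for trusted management addresses ahead of the drop rule so
# administrators cannot be locked out.
# NOTE(review): `add` appends to the end of the input chain; rules that accept
# traffic earlier in the chain are evaluated first. Check the final order.
# NOTE(review): confirm on a lab router that the guarded form passes cleanly
# through community.routeros.command.
- name: Anti port scanner
  hosts: routers
  gather_facts: false
  tasks:
    - name: Drop port scanners
      community.routeros.command:
        commands:
          # Port-scan detection; psd takes weight threshold, delay threshold,
          # low-port weight and high-port weight.
          - >-
            :if ([:len [/ip firewall filter find where
            comment="Mark Source ip port scanner to Address list"]] = 0)
            do={ /ip firewall filter add chain=input protocol=tcp
            psd=21,3s,3,1 action=add-src-to-address-list
            address-list="port scanners" address-list-timeout=2w
            comment="Mark Source ip port scanner to Address list"
            disabled=no }
          # FIN set with every other flag clear.
          - >-
            :if ([:len [/ip firewall filter find where
            comment="NMAP FIN Stealth scan"]] = 0)
            do={ /ip firewall filter add chain=input protocol=tcp
            tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
            action=add-src-to-address-list address-list="port scanners"
            address-list-timeout=2w comment="NMAP FIN Stealth scan" }
          # SYN and FIN set together.
          - >-
            :if ([:len [/ip firewall filter find where
            comment="SYN/FIN scan"]] = 0)
            do={ /ip firewall filter add chain=input protocol=tcp
            tcp-flags=fin,syn action=add-src-to-address-list
            address-list="port scanners" address-list-timeout=2w
            comment="SYN/FIN scan" }
          # SYN and RST set together.
          - >-
            :if ([:len [/ip firewall filter find where
            comment="SYN/RST scan"]] = 0)
            do={ /ip firewall filter add chain=input protocol=tcp
            tcp-flags=syn,rst action=add-src-to-address-list
            address-list="port scanners" address-list-timeout=2w
            comment="SYN/RST scan" }
          # FIN, PSH and URG set; SYN, RST and ACK clear.
          - >-
            :if ([:len [/ip firewall filter find where
            comment="FIN/PSH/URG scan"]] = 0)
            do={ /ip firewall filter add chain=input protocol=tcp
            tcp-flags=fin,psh,urg,!syn,!rst,!ack
            action=add-src-to-address-list address-list="port scanners"
            address-list-timeout=2w comment="FIN/PSH/URG scan" }
          # All six flags set.
          - >-
            :if ([:len [/ip firewall filter find where
            comment="ALL/ALL scan"]] = 0)
            do={ /ip firewall filter add chain=input protocol=tcp
            tcp-flags=fin,syn,rst,psh,ack,urg
            action=add-src-to-address-list address-list="port scanners"
            address-list-timeout=2w comment="ALL/ALL scan" }
          # No flags set.
          - >-
            :if ([:len [/ip firewall filter find where
            comment="NMAP NULL scan"]] = 0)
            do={ /ip firewall filter add chain=input protocol=tcp
            tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
            action=add-src-to-address-list address-list="port scanners"
            address-list-timeout=2w comment="NMAP NULL scan" }
          # Drop input traffic from every address currently on the list.
          - >-
            :if ([:len [/ip firewall filter find where
            comment="Drop port scanners"]] = 0)
            do={ /ip firewall filter add chain=input
            src-address-list="port scanners" action=drop
            comment="Drop port scanners" disabled=no }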
# Play 5: enable SNMP and set the trap community and trap version.
#
# NOTE(review): `public` is the well-known default community name. This play
# does not create or harden a community entry, so whatever access the existing
# `public` entry grants (on a default install, typically read access without
# authentication from any address - verify) becomes reachable once SNMP is
# enabled. Prefer a dedicated community with restricted source addresses.
# NOTE(review): trap-version=3 only selects the trap format; SNMPv3
# authentication and encryption depend on the security settings of the
# community entry, which are not set here.
- name: Mengaktifkan SNMP
  hosts: routers
  gather_facts: false
  tasks:
    # Turn the SNMP service on.
    - name: Aktifkan SNMP
      community.routeros.command:
        commands:
          - '/snmp set enabled=yes'

    # Community used when sending traps.
    - name: Atur trap community
      community.routeros.command:
        commands:
          - '/snmp set trap-community=public'

    # SNMP version used for traps.
    - name: Atur trap version
      community.routeros.command:
        commands:
          - '/snmp set trap-version=3'
# disable_admin.yaml
# Play 6: disable the built-in `admin` account.
#
# NOTE(review): make sure another full-access account exists and works before
# this play runs, and that the Ansible connection itself does not log in as
# `admin` - otherwise later runs (and administrators) lose access.
- name: Menonaktifkan pengguna admin
  hosts: routers
  gather_facts: false
  tasks:
    # `find name=admin` selects the user entry that the disable command acts on.
    - name: Menonaktifkan pengguna admin
      community.routeros.command:
        commands:
          - '/user disable [ find name=admin ]'