From b2a5151b472bb70098838d2058641b70f748d5d0 Mon Sep 17 00:00:00 2001
From: ogrechko
Date: Fri, 5 Dec 2025 08:33:05 +0000
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D1=82?=
 =?UTF-8?q?=D1=8C=20test-playbooks/change=5Fssh=5Fport.yml?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 test-playbooks/change_ssh_port.yml | 66 ++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 test-playbooks/change_ssh_port.yml
diff --git a/test-playbooks/change_ssh_port.yml b/test-playbooks/change_ssh_port.yml
new file mode 100644
index 0000000..29e962b
--- /dev/null
+++ b/test-playbooks/change_ssh_port.yml
@@ -0,0 +1,66 @@
+---
+- name: Change SSH Port
+ hosts: all
+ become: true
+ vars:
+ new_ssh_port: 22233
+ old_ssh_port: 22
+
+ tasks:
+ # 1. Настройка SELinux (для CentOS/RHEL/Fedora)
+ - name: Check if SELinux is enabled
+ command: getenforce
+ register: selinux_status
+ changed_when: false
+ ignore_errors: true
+
+ - name: Allow SSH on new port via SELinux
+ community.general.seport:
+ ports: "{{ new_ssh_port }}"
+ proto: tcp
+ setype: ssh_port_t
+ state: present
+ when:
+ - selinux_status.stdout is defined
+ - selinux_status.stdout == "Enforcing"
+ ignore_errors: true
+ # Игнорируем ошибки, если semanage не установлен,
+ # но лучше установить policycoreutils-python-utils заранее.
+
+ # 2. Настройка Firewall (UFW для Ubuntu/Debian)
+ - name: Open new SSH port in UFW
+ community.general.ufw:
+ rule: allow
+ port: "{{ new_ssh_port }}"
+ proto: tcp
+ when: ansible_os_family == "Debian"
+
+ # 3. Настройка Firewall (Firewalld для CentOS/RHEL)
+ - name: Open new SSH port in Firewalld
+ ansible.posix.firewalld:
+ port: "{{ new_ssh_port }}/tcp"
+ permanent: yes
+ state: enabled
+ immediate: yes
+ when: ansible_os_family == "RedHat"
+
+ # 4. Изменение конфигурации SSHD
+ - name: Update SSH port in sshd_config
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?Port\s+'
+ line: "Port {{ new_ssh_port }}"
+ state: present
+ validate: '/usr/sbin/sshd -t -f %s'
+ notify: Restart SSH
+
+ handlers:
+ - name: Restart SSH
+ service:
+ name: "{{ item }}"
+ state: restarted
+ loop:
+ - ssh
+ - sshd
+ ignore_errors: true
+ # Используем loop, так как в Ubuntu служба называется 'ssh', а в CentOS 'sshd'
\ No newline at end of file
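Review bot: The `Restart SSH` handler closing the hunk masks every restart failure with `ignore_errors: true`, and nothing in the play confirms that sshd actually answers on `new_ssh_port`, so a host whose daemon fails to come back (for instance with SELinux still Enforcing after the `seport` task was skipped or itself errored out silently under its own `ignore_errors: true`) finishes the play green while it may no longer be reachable. Register the loop result, require that at least one of the two unit names restarted, and check the new port from the control node before the handler chain ends, as sketched below. `permanent: yes` and `immediate: yes` in the firewalld task should be the canonical `true`, and `old_ssh_port` is declared but never used. I would also add a comment on the `lineinfile` task noting that it rewrites only the first `Port` match in `/etc/ssh/sshd_config`; on images whose config starts with an `Include /etc/ssh/sshd_config.d/*.conf` line a `Port` set in a drop-in file may take precedence, which I believe is the case but should be confirmed on the target images.
```yaml
  handlers:
    - name: Restart SSH
      ansible.builtin.service:
        name: "{{ item }}"
        state: restarted
      loop:
        - ssh
        - sshd
      register: ssh_restart
      ignore_errors: true
      # Ubuntu names the unit 'ssh', CentOS 'sshd'; exactly one of the two is expected to fail.

    - name: Require that one SSH unit was restarted
      ansible.builtin.assert:
        that: "ssh_restart.results | map(attribute='failed', default=false) | reject | list | length > 0"
        fail_msg: "neither ssh nor sshd could be restarted on the new port"
      listen: Restart SSH

    - name: Verify sshd answers on the new port
      ansible.builtin.wait_for:
        host: "{{ ansible_host | default(inventory_hostname) }}"
        port: "{{ new_ssh_port }}"
        timeout: 30
      delegate_to: localhost
      listen: Restart SSH
```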