Добавить test-playbooks/change_ssh_port.yml

test-playbooks/change_ssh_port.yml

@@ -0,0 +1,66 @@
+---
+- name: Change SSH Port
+  hosts: all
+  become: true
+  vars:
+    new_ssh_port: 22233
+    old_ssh_port: 22
+
+  tasks:
+    # 1. Настройка SELinux (для CentOS/RHEL/Fedora)
+    - name: Check if SELinux is enabled
+      command: getenforce
+      register: selinux_status
+      changed_when: false
+      ignore_errors: true
+
+    - name: Allow SSH on new port via SELinux
+      community.general.seport:
+        ports: "{{ new_ssh_port }}"
+        proto: tcp
+        setype: ssh_port_t
+        state: present
+      when: 
+        - selinux_status.stdout is defined
+        - selinux_status.stdout == "Enforcing"
+      ignore_errors: true 
+      # Игнорируем ошибки, если semanage не установлен, 
+      # но лучше установить policycoreutils-python-utils заранее.
+
+    # 2. Настройка Firewall (UFW для Ubuntu/Debian)
+    - name: Open new SSH port in UFW
+      community.general.ufw:
+        rule: allow
+        port: "{{ new_ssh_port }}"
+        proto: tcp
+      when: ansible_os_family == "Debian"
+
+    # 3. Настройка Firewall (Firewalld для CentOS/RHEL)
+    - name: Open new SSH port in Firewalld
+      ansible.posix.firewalld:
+        port: "{{ new_ssh_port }}/tcp"
+        permanent: yes
+        state: enabled
+        immediate: yes
+      when: ansible_os_family == "RedHat"
+
+    # 4. Изменение конфигурации SSHD
+    - name: Update SSH port in sshd_config
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '^#?Port\s+'
+        line: "Port {{ new_ssh_port }}"
+        state: present
+        validate: '/usr/sbin/sshd -t -f %s'
+      notify: Restart SSH
+
+  handlers:
+    - name: Restart SSH
+      service:
+        name: "{{ item }}"
+        state: restarted
+      loop:
+        - ssh
+        - sshd
+      ignore_errors: true
+      # Используем loop, так как в Ubuntu служба называется 'ssh', а в CentOS 'sshd'