--- # This is an example playbook to execute Ansible tests. - name: Verify hosts: all gather_facts: false tasks: - name: check for nftables.d stat: path: /etc/nftables.d register: p - name: check nftables.d assert: that: - p.stat.exists and p.stat.isdir - name: check for nftables.conf stat: path: /etc/nftables.conf register: p - name: check nftables.conf assert: that: - p.stat.exists - name: check for filter-input.nft stat: path: /etc/nftables.d/filter-input.nft register: p - name: check filter-input.nft assert: that: - p.stat.exists - name: list rules command: nft list ruleset register: nft - name: debug rules debug: var=nft - name: check rules assert: that: # The whole line is: # type filter hook input priority 0; policy drop; # However on CentOS will return "priority 0", while Debian will # show "priority filter" - '"type filter hook input" in nft.stdout' - '"type filter hook output" in nft.stdout' - name: check for fail2ban systemd custom dir stat: path: /etc/systemd/system/fail2ban.service.d register: f2b_systemd_dir - name: check fail2ban systemd custom dir assert: that: - f2b_systemd_dir.stat.exists and f2b_systemd_dir.stat.isdir - name: check for fail2ban systemd override stat: path: /etc/systemd/system/fail2ban.service.d/override.conf register: f2b_systemd_override - name: check fail2ban systemd override assert: that: - f2b_systemd_override.stat.exists - name: service status - active command: systemctl is-active nftables.service register: status - name: check service status assert: that: - 'status.stdout == "active"' - name: service status - enabled command: systemctl is-enabled nftables.service register: status - name: check service status assert: that: - 'status.stdout == "enabled"'