f5networks.f5_bigip.bigip_security_ssh_profile_rules (3.4.0) — module

Manage SSH proxy security profile rules on a BIG-IP

Added in version 1.13.0 of f5networks.f5_bigip

Authors: Rohit Upadhyay (@urohit011)

Install collection

Install with ansible-galaxy collection install f5networks.f5_bigip:==3.4.0


Add to requirements.yml

  collections:
    - name: f5networks.f5_bigip
      version: 3.4.0

Description

Manage SSH proxy security profile rules on a BIG-IP.

Usage examples

- name: Create ssh profile rule
  bigip_security_ssh_profile_rules:
    name: test_rule_1
    users:
      - test_user_1
      - test_user_2
    profile_name: test_ssh
    action:
      name: test_action
      shell:
        control: allow
        log: true
      forward_x11:
        control: terminate
        log: true
- name: Modify ssh profile rule, add action
  bigip_security_ssh_profile_rules:
    name: test_rule_1
    users:
      - test_user_1
      - test_user_2
    profile_name: test_ssh
    action:
      name: test_action
      shell:
        control: allow
        log: true
      forward_x11:
        control: terminate
        log: true
      other:
        control: terminate
        log: true
- name: Delete ssh profile rule
  bigip_security_ssh_profile_rules:
    name: test_rule_1
    profile_name: test_ssh
    state: absent

Inputs

name:
    description:
    - Specifies the name of the rule that will be applied to the SSH security profile.
    required: true
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - When C(present), ensures the SSH proxy security profile rule is created.
    - When C(absent), ensures the SSH proxy security profile rule is removed.
    type: str

users:
    description:
    - Specifies the list of users to be added to the SSH proxy permissions list.
    elements: str
    type: list

action:
    description:
    - Specifies the action of the rule which is to be applied to the SSH security profile.
    suboptions:
      agent:
        description:
        - Defines the use of an ssh-agent over the SSH tunnel.
        - Agent forwarding, across a chain of SSH connections, forwards key challenges
          back to the original agent, removing the need for passwords or private keys
          on intermediate machines.
        suboptions:
          control:
            choices:
            - allow
            - disallow
            - terminate
            - unspecified
            description:
            - When set to C(allow), allows setup of the session for the selected SSH channel
              action.
            - When set to C(disallow), the SSH channel action is denied and a I(command
              not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message
              when the selected channel action is received.
            - When set to C(unspecified), no action is taken.
            type: str
          log:
            description:
            - Specifies if logging should be enabled for the selected SSH action.
            type: bool
        type: dict
      forward_local:
        description:
        - Defines the use of the C(-L) option to do local port forwarding over the SSH tunnel.
        suboptions:
          control:
            choices:
            - allow
            - disallow
            - terminate
            - unspecified
            description:
            - When set to C(allow), allows setup of the session for the selected SSH channel
              action.
            - When set to C(disallow), the SSH channel action is denied and a I(command
              not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message
              when the selected channel action is received.
            - When set to C(unspecified), no action is taken.
            type: str
          log:
            description:
            - Specifies if logging should be enabled for the selected SSH action.
            type: bool
        type: dict
      forward_remote:
        description:
        - Defines the use of the C(-R) option to do remote port forwarding over the SSH tunnel.
        suboptions:
          control:
            choices:
            - allow
            - disallow
            - terminate
            - unspecified
            description:
            - When set to C(allow), allows setup of the session for the selected SSH channel
              action.
            - When set to C(disallow), the SSH channel action is denied and a I(command
              not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message
              when the selected channel action is received.
            - When set to C(unspecified), no action is taken.
            type: str
          log:
            description:
            - Specifies if logging should be enabled for the selected SSH action.
            type: bool
        type: dict
      forward_x11:
        description:
        - Defines the use of X11 forwarding over the SSH tunnel.
        suboptions:
          control:
            choices:
            - allow
            - disallow
            - terminate
            - unspecified
            description:
            - When set to C(allow), allows setup of the session for the selected SSH channel
              action.
            - When set to C(disallow), the SSH channel action is denied and a I(command
              not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message
              when the selected channel action is received.
            - When set to C(unspecified), no action is taken.
            type: str
          log:
            description:
            - Specifies if logging should be enabled for the selected SSH action.
            type: bool
        type: dict
      name:
        description:
        - Name of the C(action) to be created or modified.
        required: true
        type: str
      other:
        description:
        - Defines the use of other SSH commands on the SSH connection.
        suboptions:
          control:
            choices:
            - allow
            - disallow
            - terminate
            - unspecified
            description:
            - When set to C(allow), allows setup of the session for the selected SSH channel
              action.
            - When set to C(disallow), the SSH channel action is denied and a I(command
              not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message
              when the selected channel action is received.
            - When set to C(unspecified), no action is taken.
            type: str
          log:
            description:
            - Specifies if logging should be enabled for the selected SSH action.
            type: bool
        type: dict
      rexec:
        description:
        - Defines the use of C(rexec) remote execution commands over the SSH tunnel.
        suboptions:
          control:
            choices:
            - allow
            - disallow
            - terminate
            - unspecified
            description:
            - When set to C(allow), allows setup of the session for the selected SSH channel
              action.
            - When set to C(disallow), the SSH channel action is denied and a I(command
              not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message
              when the selected channel action is received.
            - When set to C(unspecified), no action is taken.
            type: str
          log:
            description:
            - Specifies if logging should be enabled for the selected SSH action.
            type: bool
        type: dict
      scp_down:
        description:
        - Defines the use of Secure Copy to copy files from a remote directory to a local
          directory over the SSH tunnel.
        suboptions:
          control:
            choices:
            - allow
            - disallow
            - terminate
            - unspecified
            description:
            - When set to C(allow), allows setup of the session for the selected SSH channel
              action.
            - When set to C(disallow), the SSH channel action is denied and a I(command
              not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message
              when the selected channel action is received.
            - When set to C(unspecified), no action is taken.
            type: str
          log:
            description:
            - Specifies if logging should be enabled for the selected SSH action.
            type: bool
        type: dict
      scp_up:
        description:
        - Defines the use of Secure Copy to copy files from a local directory to a remote
          directory over the SSH tunnel.
        suboptions:
          control:
            choices:
            - allow
            - disallow
            - terminate
            - unspecified
            description:
            - When set to C(allow), allows setup of the session for the selected SSH channel
              action.
            - When set to C(disallow), the SSH channel action is denied and a I(command
              not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message
              when the selected channel action is received.
            - When set to C(unspecified), no action is taken.
            type: str
          log:
            description:
            - Specifies if logging should be enabled for the selected SSH action.
            type: bool
        type: dict
      sftp_down:
        description:
        - Defines the use of Secure File Transfer Protocol to download files over the
          SSH tunnel.
        suboptions:
          control:
            choices:
            - allow
            - disallow
            - terminate
            - unspecified
            description:
            - When set to C(allow), allows setup of the session for the selected SSH channel
              action.
            - When set to C(disallow), the SSH channel action is denied and a I(command
              not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message
              when the selected channel action is received.
            - When set to C(unspecified), no action is taken.
            type: str
          log:
            description:
            - Specifies if logging should be enabled for the selected SSH action.
            type: bool
        type: dict
      sftp_up:
        description:
        - Defines the use of Secure File Transfer Protocol to upload files over the SSH
          tunnel.
        suboptions:
          control:
            choices:
            - allow
            - disallow
            - terminate
            - unspecified
            description:
            - When set to C(allow), allows setup of the session for the selected SSH channel
              action.
            - When set to C(disallow), the SSH channel action is denied and a I(command
              not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message
              when the selected channel action is received.
            - When set to C(unspecified), no action is taken.
            type: str
          log:
            description:
            - Specifies if logging should be enabled for the selected SSH action.
            type: bool
        type: dict
      shell:
        description:
        - Defines the use of the C(shell) command to open an SSH shell channel type.
        suboptions:
          control:
            choices:
            - allow
            - disallow
            - terminate
            - unspecified
            description:
            - When set to C(allow), allows setup of the session for the selected SSH channel
              action.
            - When set to C(disallow), the SSH channel action is denied and a I(command
              not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message
              when the selected channel action is received.
            - When set to C(unspecified), no action is taken.
            type: str
          log:
            description:
            - Specifies if logging should be enabled for the selected SSH action.
            type: bool
        type: dict
      sub_system:
        description:
        - Defines the use of the C(subsystem) command to invoke remote commands that are
          defined on the server over the SSH tunnel.
        suboptions:
          control:
            choices:
            - allow
            - disallow
            - terminate
            - unspecified
            description:
            - When set to C(allow), allows setup of the session for the selected SSH channel
              action.
            - When set to C(disallow), the SSH channel action is denied and a I(command
              not accepted) message is sent.
            - When set to C(terminate), the SSH connection is terminated with a reset message
              when the selected channel action is received.
            - When set to C(unspecified), no action is taken.
            type: str
          log:
            description:
            - Specifies if logging should be enabled for the selected SSH action.
            type: bool
        type: dict
    type: dict

partition:
    default: Common
    description:
    - Device partition to manage resources on.
    type: str

profile_name:
    description:
    - Specifies the name of the SSH security profile to which this rule applies.
    required: true
    type: str
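
The inputs above let a rule take an explicit position on every SSH channel type, which matters because C(unspecified) takes no action at all: a rule that only mentions C(shell) leaves agent forwarding, port forwarding and file transfer unconstrained. The playbook below is an added example, not part of the collection's own documentation. It sets every channel action for an interactive-admin role and removes an older rule. It assumes an inventory group named bigip reached over the collection's httpapi connection, an existing SSH security profile named in ssh_profile, and constructed sample user and rule names.

```yaml
# Added example, not from the f5_bigip collection docs. Assumes an inventory
# group 'bigip' reachable over the collection's httpapi connection and an
# existing SSH security profile named in ssh_profile. User names and the
# legacy rule name are constructed sample values.
- name: Enforce least-privilege SSH proxy rules
  hosts: bigip
  connection: httpapi
  gather_facts: false
  vars:
    ssh_profile: ssh_proxy_prod        # assumed existing profile
    admin_users:                       # constructed sample user list
      - ops_admin_1
      - ops_admin_2
  tasks:
    - name: Interactive admin rule - shell only, every channel action logged
      f5networks.f5_bigip.bigip_security_ssh_profile_rules:
        name: ops_admin_shell_only
        profile_name: "{{ ssh_profile }}"
        partition: Common
        state: present
        users: "{{ admin_users }}"
        action:
          name: ops_admin_shell_only_action
          # The one channel type this role needs.
          shell:
            control: allow
            log: true
          # Channel types that turn a shell account into a pivot point:
          # tear the connection down and log the attempt.
          agent:
            control: terminate
            log: true
          forward_local:
            control: terminate
            log: true
          forward_remote:
            control: terminate
            log: true
          forward_x11:
            control: terminate
            log: true
          # File-transfer and remote-exec channels are not part of this role;
          # refuse them with 'command not accepted' rather than resetting
          # the connection, and log each refusal.
          scp_up:
            control: disallow
            log: true
          scp_down:
            control: disallow
            log: true
          sftp_up:
            control: disallow
            log: true
          sftp_down:
            control: disallow
            log: true
          sub_system:
            control: disallow
            log: true
          rexec:
            control: disallow
            log: true
          # Catch-all so nothing is left at 'unspecified'.
          other:
            control: terminate
            log: true

    - name: Remove a legacy rule that left most channel actions unspecified
      f5networks.f5_bigip.bigip_security_ssh_profile_rules:
        name: legacy_allow_all         # constructed name of the old rule
        profile_name: "{{ ssh_profile }}"
        partition: Common
        state: absent
```

The split between C(terminate) and C(disallow) is deliberate: forwarding and agent requests from an account that should only ever open a shell are worth ending the session over, while a stray scp from the same account is refused in place. Setting C(log) on every suboption, including the allowed one, gives the profile's logging a complete record of which channel actions each user attempted, which is the signal a detection team needs to spot an account being used outside its role.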

Outputs

action:
  description: The action rule that is applied to the SSH security profile.
  returned: changed
  sample: hash/dictionary of values
  type: dict
users:
  description: The list of users to be added to the SSH proxy permissions list.
  returned: changed
  sample:
  - '...'
  - '...'
  type: list