lix_fortinet / lix_fortinet.fortios / 102.2.120 / module / fortios_ssh_filter_profile Configure SSH filter profile in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of lix_fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communitylix_fortinet.fortios.fortios_ssh_filter_profile (102.2.120) — module
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections: - name: lix_fortinet.fortios version: 102.2.120
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify ssh_filter feature and profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Configure SSH filter profile. fortios_ssh_filter_profile: vdom: "{{ vdom }}" state: "present" access_token: "<your_own_value>" ssh_filter_profile: block: "x11" default_command_log: "enable" file_filter: entries: - action: "log" comment: "Comment." direction: "incoming" file_type: - name: "default_name_11 (source antivirus.filetype.name)" filter: "<your_own_value>" password_protected: "yes" protocol: "ssh" log: "enable" scan_archive_contents: "enable" status: "enable" log: "x11" name: "default_name_19" shell_commands: - action: "block" alert: "enable" id: "23" log: "enable" pattern: "<your_own_value>" severity: "low" type: "simple"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str state: choices: - present - absent description: - Indicates whether to create or remove the object. required: true type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str ssh_filter_profile: default: null description: - Configure SSH filter profile. suboptions: block: choices: - x11 - shell - exec - port-forward - tun-forward - sftp - scp - unknown description: - SSH blocking options. elements: str type: list default_command_log: choices: - enable - disable description: - Enable/disable logging unmatched shell commands. type: str file_filter: description: - File filter. suboptions: entries: description: - File filter entries. elements: dict suboptions: action: choices: - log - block description: - Action taken for matched file. type: str comment: description: - Comment. type: str direction: choices: - incoming - outgoing - any description: - Match files transmitted in the session"s originating or reply direction. type: str file_type: description: - Select file type. elements: dict suboptions: name: description: - File type name. Source antivirus.filetype.name. type: str type: list filter: description: - Add a file filter. type: str password_protected: choices: - 'yes' - any description: - Match password-protected files. type: str protocol: choices: - ssh description: - Protocols to apply with. elements: str type: list type: list log: choices: - enable - disable description: - Enable/disable file filter logging. type: str scan_archive_contents: choices: - enable - disable description: - Enable/disable file filter archive contents scan. type: str status: choices: - enable - disable description: - Enable/disable file filter. type: str type: dict log: choices: - x11 - shell - exec - port-forward - tun-forward - sftp - scp - unknown description: - SSH logging options. elements: str type: list name: description: - SSH filter profile name. required: true type: str shell_commands: description: - SSH command filter. elements: dict suboptions: action: choices: - block - allow description: - Action to take for SSH shell command matches. type: str alert: choices: - enable - disable description: - Enable/disable alert. type: str id: description: - Id. type: int log: choices: - enable - disable description: - Enable/disable logging. type: str pattern: description: - SSH shell command pattern. type: str severity: choices: - low - medium - high - critical description: - Log severity. type: str type: choices: - simple - regex description: - Matching type. type: str type: list type: dict
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str