roles/host/tasks/unprivileged-ports.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

- name: Unprivileged port block
  block:
    - name: Confirm port 80 and above is allowed for unprivileged use
      ansible.builtin.shell: "sysctl net.ipv4.ip_unprivileged_port_start |grep 80"

  rescue:
    - name: Set sysctl parameter net.ipv4.ip_unprivileged_port_start=80
      ansible.builtin.lineinfile:
        path: "/etc/sysctl.conf"
        regexp: "^net.ipv4.ip_unprivileged_port_start=80"
        line: "net.ipv4.ip_unprivileged_port_start=80"

    - name: Reload sysctl
      ansible.builtin.shell: "sysctl -p /etc/sysctl.conf"

    - name: Confirm port 80 and above is allowed for unprivileged use
      ansible.builtin.shell: "sysctl net.ipv4.ip_unprivileged_port_start |grep 80"