Hello, World! I’m Muhammad Kamran Kabeer.
As an IT Instructor and the founder of MK EduOps Solutions, I often see students and small businesses focus on "getting things to work" while completely ignoring "getting things secured."Today, I’m sharing Lab 1 from my new series: The Hardened Gateway. We will use Ansible to automate the security of a Linux server on a Dell Latitude E7440 (or any Ubuntu/Debian machine).
🛡️ Why "Default Deny"?
Most people try to block "bad" ports. The professional way is to deny everything and only open what you need. This is the "Zero-Trust" mindset.
🛠️ The Automation Code
Here is the Ansible block I use to secure my lab environments:
YAML
-
name: Lab 1 - The Hardened Gateway
hosts: localhost
become: yes
tasks:- name: Ensure UFW is installed apt: { name: ufw, state: present }
- name: Set Default Policies to DENY community.general.ufw: { state: enabled, policy: deny, direction: incoming }
- name: Allow Essential Traffic community.general.ufw: { rule: allow, port: "{{ item }}", proto: tcp } loop: ['22', '80', '443', '81'] 🚀 The Result Running this ensures that only SSH and Web traffic can enter. Everything else—unsecured databases, internal APIs, or forgotten services—is hidden from the world.
Check out the full lab repository here:https://github.com/muhammadkamrankabeer-oss/MK-EduOps-Labs
Top comments (0)