{"id":468694,"status":"ok","playbook":{"id":3818,"items":{"plays":1,"tasks":3,"results":3,"hosts":1,"files":1,"records":0},"arguments":{"version":null,"verbosity":2,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/kuly/bash-kvm-inventory-dev.sh"],"listhosts":false,"subset":"perfect-antelope.man-1.solus.stage.town","extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["RM10136_firewall_ssh_deny.yaml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"},{"id":228,"name":"subset:perfect-antelope.man-1.solus.stage.town"}],"started":"2025-09-16T10:20:12.381309+01:00","ended":"2025-09-16T10:20:15.158207+01:00","duration":"00:00:02.776898","name":null,"ansible_version":"2.16.11","client_version":"1.7.3","python_version":"3.10.10","server_version":"1.7.3","status":"completed","path":"/home/ssh-gateway/ansible/kuly/RM10136_firewall_ssh_deny.yaml","controller":"ssh-gw-4.layershift.com","user":"root"},"play":{"id":4272,"items":{"tasks":3,"results":3},"started":"2025-09-16T10:20:12.530982+01:00","ended":"2025-09-16T10:20:15.058834+01:00","duration":"00:00:02.527852","name":"Playbook to deny ssh for plesk servers that do not have shell users","status":"completed"},"task":{"id":9608,"items":{"results":1},"path":"/home/ssh-gateway/ansible/kuly/RM10136_firewall_ssh_deny.yaml","tags":[],"started":"2025-09-16T10:20:14.240994+01:00","ended":"2025-09-16T10:20:14.832472+01:00","duration":"00:00:00.591478","name":"On plesk server run the script","uuid":"001851d0-75dc-9328-7def-000000000030","action":"ansible.builtin.shell","lineno":9,"handler":false,"status":"completed","warnings":[],"deprecations":[],"exceptions":[],"file":5938},"host":{"id":175910,"name":"perfect-antelope.man-1.solus.stage.town","changed":0,"failed":0,"ok":3,"skipped":0,"unreachable":0},"delegated_to":[],"content":{"changed":false,"cmd":"set -o pipefail\nset -e\nhomedirs=$(awk '/HTTPD_VHOSTS_D/ {print $2}' /etc/psa/psa.conf)\nbashes=$(grep \"$homedirs\" /etc/passwd | grep -v \"/bin/false\" | wc -l)\nif [ \"$bashes\" -eq 0 ]; then\n  rule_id=$(/usr/sbin/plesk ext firewall --list-json | jq -r '.[] | select(.class==\"ssh\") | .id')\n  if [ -n \"$rule_id\" ]; then\n    echo \"Blocking SSH via Plesk firewall (rule ID: $rule_id)...\"\n    /usr/sbin/plesk ext firewall --set-rule -id \"$rule_id\" -action deny && /usr/sbin/plesk ext firewall --apply -auto-confirm-this-may-lock-me-out-of-the-server\n  else\n    echo \"SSH rule not found in firewall!\"\n  fi\nelse\n  echo \"We have users with shells, skipping\"\nfi\n","delta":"0:00:00.010737","end":"2025-09-16 10:20:14.802423","failed_when_result":false,"invocation":{"module_args":{"_raw_params":"set -o pipefail\nset -e\nhomedirs=$(awk '/HTTPD_VHOSTS_D/ {print $2}' /etc/psa/psa.conf)\nbashes=$(grep \"$homedirs\" /etc/passwd | grep -v \"/bin/false\" | wc -l)\nif [ \"$bashes\" -eq 0 ]; then\n  rule_id=$(/usr/sbin/plesk ext firewall --list-json | jq -r '.[] | select(.class==\"ssh\") | .id')\n  if [ -n \"$rule_id\" ]; then\n    echo \"Blocking SSH via Plesk firewall (rule ID: $rule_id)...\"\n    /usr/sbin/plesk ext firewall --set-rule -id \"$rule_id\" -action deny && /usr/sbin/plesk ext firewall --apply -auto-confirm-this-may-lock-me-out-of-the-server\n  else\n    echo \"SSH rule not found in firewall!\"\n  fi\nelse\n  echo \"We have users with shells, skipping\"\nfi\n","_uses_shell":true,"argv":null,"chdir":null,"creates":null,"executable":"/bin/bash","expand_argument_vars":true,"removes":null,"stdin":null,"stdin_add_newline":true,"strip_empty_ends":true}},"msg":"non-zero return code","rc":1,"start":"2025-09-16 10:20:14.791686","stderr":"","stderr_lines":[],"stdout":"","stdout_lines":[]},"created":"2025-09-16T10:20:14.824410+01:00","updated":"2025-09-16T10:20:14.824440+01:00","started":"2025-09-16T10:20:14.291226+01:00","ended":"2025-09-16T10:20:14.816965+01:00","duration":"00:00:00.525739","changed":false,"ignore_errors":false}