Added role fail2ban/application
parent
c110a24e9f
commit
f91f2bc325
@ -0,0 +1,6 @@
|
||||
---
|
||||
|
||||
config_dir: "/etc/fail2ban"
|
||||
actions_directory: "{{ config_dir }}/action.d"
|
||||
filters_directory: "{{ config_dir }}/filter.d"
|
||||
jails_directory: "{{ config_dir }}/jail.d"
|
@ -0,0 +1,13 @@
|
||||
---
|
||||
|
||||
- name: reload fail2ban
|
||||
systemd:
|
||||
enabled: yes
|
||||
name: fail2ban.service
|
||||
state: reloaded
|
||||
|
||||
- name: restart fail2ban
|
||||
systemd:
|
||||
enabled: yes
|
||||
name: fail2ban.service
|
||||
state: restarted
|
@ -0,0 +1,3 @@
|
||||
---
|
||||
|
||||
allow_duplicates: no
|
@ -0,0 +1,18 @@
|
||||
---
|
||||
|
||||
- name: Install required packages
|
||||
apt:
|
||||
state: present
|
||||
name:
|
||||
- fail2ban # base package
|
||||
# Recommended for fail2ban:
|
||||
- iptables # blocking using native firewall
|
||||
- python3-pyinotify # watch files natively
|
||||
- python3-systemd # view journals of systemd
|
||||
install_recommends: no
|
||||
|
||||
- name: Configure sshd jail
|
||||
template:
|
||||
src: sshd.jail.conf
|
||||
dest: "{{ jails_directory }}/sshd.local"
|
||||
notify: reload fail2ban
|
@ -0,0 +1,2 @@
|
||||
[sshd]
|
||||
enabled = true
|
Loading…
Reference in New Issue