From f91f2bc3256049f3cc418481485e003897223109 Mon Sep 17 00:00:00 2001
From: Felix Stupp
Date: Fri, 24 Apr 2020 13:20:20 +0200
Subject: [PATCH] Added role fail2ban/application
---
roles/fail2ban/application/defaults/main.yml | 6 ++++++
roles/fail2ban/application/handlers/main.yml | 13 +++++++++++++
roles/fail2ban/application/meta/main.yml | 3 +++
roles/fail2ban/application/tasks/main.yml | 18 ++++++++++++++++++
.../application/templates/sshd.jail.conf | 2 ++
5 files changed, 42 insertions(+)
create mode 100644 roles/fail2ban/application/defaults/main.yml
create mode 100644 roles/fail2ban/application/handlers/main.yml
create mode 100644 roles/fail2ban/application/meta/main.yml
create mode 100644 roles/fail2ban/application/tasks/main.yml
create mode 100644 roles/fail2ban/application/templates/sshd.jail.conf
diff --git a/roles/fail2ban/application/defaults/main.yml b/roles/fail2ban/application/defaults/main.yml
new file mode 100644
index 0000000..7a06918
--- /dev/null
+++ b/roles/fail2ban/application/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+
+config_dir: "/etc/fail2ban"
+actions_directory: "{{ config_dir }}/action.d"
+filters_directory: "{{ config_dir }}/filter.d"
+jails_directory: "{{ config_dir }}/jail.d"
diff --git a/roles/fail2ban/application/handlers/main.yml b/roles/fail2ban/application/handlers/main.yml
new file mode 100644
index 0000000..445da01
--- /dev/null
+++ b/roles/fail2ban/application/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: reload fail2ban
+ systemd:
+ enabled: yes
+ name: fail2ban.service
+ state: reloaded
+
+- name: restart fail2ban
+ systemd:
+ enabled: yes
+ name: fail2ban.service
+ state: restarted
diff --git a/roles/fail2ban/application/meta/main.yml b/roles/fail2ban/application/meta/main.yml
new file mode 100644
index 0000000..611d474
--- /dev/null
+++ b/roles/fail2ban/application/meta/main.yml
@@ -0,0 +1,3 @@
+---
+
+allow_duplicates: no
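Review bot: The four defaults in roles/fail2ban/application/defaults/main.yml (`config_dir`, `actions_directory`, `filters_directory`, `jails_directory`) are unprefixed, and Ansible variables share one namespace across roles, so another role or an inventory that sets `config_dir` would redirect where this role writes its files. The destination of the sshd jail file is built from these names, so a collision would likely leave the host without the expected jail with no error from the play. Prefixing them with the role name, e.g. `fail2ban_config_dir: "/etc/fail2ban"` and `fail2ban_jails_directory: "{{ fail2ban_config_dir }}/jail.d"`, avoids that.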
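Review bot: `enabled: yes` appears only inside the two handlers in roles/fail2ban/application/handlers/main.yml, so the unit is enabled only on runs where a notifying task reports a change; on a host whose jail file is already in place this role never checks the service state. Enabling and starting the service is desired state rather than a reaction to a change, so it fits better as a regular task in tasks/main.yml with `enabled: true` and `state: started`, leaving the handlers with just `state: reloaded` and `state: restarted`. Writing the booleans as `true` instead of `yes` also keeps them unambiguous across YAML parsers.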
diff --git a/roles/fail2ban/application/tasks/main.yml b/roles/fail2ban/application/tasks/main.yml
new file mode 100644
index 0000000..cf20ee4
--- /dev/null
+++ b/roles/fail2ban/application/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+
+- name: Install required packages
+ apt:
+ state: present
+ name:
+ - fail2ban # base package
+ # Recommended for fail2ban:
+ - iptables # blocking using native firewall
+ - python3-pyinotify # watch files natively
+ - python3-systemd # view journals of systemd
+ install_recommends: no
+
+- name: Configure sshd jail
+ template:
+ src: sshd.jail.conf
+ dest: "{{ jails_directory }}/sshd.local"
+ notify: reload fail2ban
diff --git a/roles/fail2ban/application/templates/sshd.jail.conf b/roles/fail2ban/application/templates/sshd.jail.conf
new file mode 100644
index 0000000..9eb356c
--- /dev/null
+++ b/roles/fail2ban/application/templates/sshd.jail.conf
@@ -0,0 +1,2 @@
+[sshd]
+enabled = true
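Review bot: The `Configure sshd jail` task in roles/fail2ban/application/tasks/main.yml sets no `owner`, `group` or `mode`, so the permissions of the file written under `jails_directory` depend on the umask and on whatever an existing file already carries. fail2ban normally runs as root and a jail file can select the actions it executes, so the file should be pinned as root-owned and not writable by anyone else: `owner: root`, `group: root`, `mode: "0644"`. The mode should stay quoted so it is not parsed as an octal integer.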
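Review bot: The `[sshd]` section in roles/fail2ban/application/templates/sshd.jail.conf sets only `enabled = true`, so `maxretry`, `findtime`, `bantime`, `port` and `backend` all come from whatever the distribution's jail.conf ships, and the effective ban policy can differ between hosts and package versions. If sshd listens on a non-default port on any managed host, the inherited `port` value would presumably not cover it. Either state the values the role relies on in this file or add a comment such as `# all other settings intentionally inherited from jail.conf`.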