Added role fail2ban/application
parent
c110a24e9f
commit
f91f2bc325
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
config_dir: "/etc/fail2ban"
|
||||||
|
actions_directory: "{{ config_dir }}/action.d"
|
||||||
|
filters_directory: "{{ config_dir }}/filter.d"
|
||||||
|
jails_directory: "{{ config_dir }}/jail.d"
|
@ -0,0 +1,13 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: reload fail2ban
|
||||||
|
systemd:
|
||||||
|
enabled: yes
|
||||||
|
name: fail2ban.service
|
||||||
|
state: reloaded
|
||||||
|
|
||||||
|
- name: restart fail2ban
|
||||||
|
systemd:
|
||||||
|
enabled: yes
|
||||||
|
name: fail2ban.service
|
||||||
|
state: restarted
|
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
allow_duplicates: no
|
@ -0,0 +1,18 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Install required packages
|
||||||
|
apt:
|
||||||
|
state: present
|
||||||
|
name:
|
||||||
|
- fail2ban # base package
|
||||||
|
# Recommended for fail2ban:
|
||||||
|
- iptables # blocking using native firewall
|
||||||
|
- python3-pyinotify # watch files natively
|
||||||
|
- python3-systemd # view journals of systemd
|
||||||
|
install_recommends: no
|
||||||
|
|
||||||
|
- name: Configure sshd jail
|
||||||
|
template:
|
||||||
|
src: sshd.jail.conf
|
||||||
|
dest: "{{ jails_directory }}/sshd.local"
|
||||||
|
notify: reload fail2ban
|
@ -0,0 +1,2 @@
|
|||||||
|
[sshd]
|
||||||
|
enabled = true
|
Loading…
Reference in New Issue