Commit 692e0d1a authored by Mathias BOCQUET's avatar Mathias BOCQUET

first commit

'fail2ban'. Ansible role to install and configure fail2ban.
Copyright © 2018 Mathias Bocquet (mbocquet@sekoya.org)
This file is part of 'fail2ban' Ansible role.
This 'fail2ban' Ansible role is free software: you can redistribute it and/or
modify it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This 'fail2ban' Ansible role is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License
for more details.
You should have received a copy of the GNU Affero General Public License along
with this 'fail2ban' Ansible role. If not, see <http://www.gnu.org/licenses/>.
# fail2ban
An Ansible role to install and configure fail2ban.
## Requirements
A server which runs services that should be protected by fail2ban.
## Role Variables
Many. See defaults/main.yml.
## Dependencies
None.
## Install this role as submodule of an existing GIT repository
`git submodule add https://github.com/mbocquet/fail2ban.git roles/fail2ban`
## Example Playbook
- hosts: servers
roles:
- fail2ban
- hosts: servers
roles:
- { role: fail2ban, x: 42 }
## License
GPLv3
## Author Information
<a href="http://www.sekoya.org" target="new">http://www.sekoya.org</a>
---
# defaults file for fail2ban
fail2ban_packages:
- 'fail2ban'
# local configuration changes should go there (choose one)
fail2ban_jail_local: '/etc/fail2ban/jail.local'
# fail2ban_jail_local: '/etc/fail2ban/jail.d/customisation.local
fail2ban_ignoreip:
- '127.0.0.1/8'
# - 'host.example.org'
# bantime
fail2ban_bantime: '3600'
# emails
fail2ban_destemail: 'root'
fail2ban_mta: 'sendmail'
# enabled jails
# fail2ban_jails:
# - sshd
# - ssh-ddos
...
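Review bot: `fail2ban_jails` is left commented out at the end of the defaults, so unless a playbook sets it the role enables no jail of its own and protection rests on whatever the packaged fail2ban configuration turns on; that deserves a comment such as `# when unset, only the jails enabled by the distribution's own configuration are active`. The commented example mixes `sshd` with `ssh-ddos`; jail names differ between fail2ban releases (as far as I recall, `ssh`/`ssh-ddos` in 0.8 and `sshd`/`sshd-ddos` in 0.9), so the example should name jails that exist on the Debian releases listed in the role's metadata. The commented alternative for `fail2ban_jail_local` is also missing its closing quote and would fail to parse once uncommented: `# fail2ban_jail_local: '/etc/fail2ban/jail.d/customisation.local'`.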
---
# handlers file for fail2ban
- name: fail2ban reload
service:
name: fail2ban
state: reloaded
...
galaxy_info:
author: Mathias BOCQUET
description: Ansible role to install and configure fail2ban.
company: Sekoya.org (http://www.sekoya.org)
license: GPLv3
min_ansible_version: 1.2
platforms:
- name: Debian
versions:
#- all
- buster
#- etch
- jessie
#- lenny
- sid
#- squeeze
- stretch
#- wheezy
galaxy_tags:
- fail2ban
- iptables
- sysadmin
dependencies: []
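Review bot: `min_ansible_version: 1.2` understates what the role needs, because the tasks in this commit use the `package` module, which was added in Ansible 2.0; as an unquoted scalar the value is also read as a float, so `min_ansible_version: '2.0'` is the safer form. `license: GPLv3` disagrees with the licence header in the same commit, which names the GNU Affero General Public License version 3; the two should agree (presumably `AGPLv3`, to be confirmed by the author).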
---
# tasks file for fail2ban
- name: "packages"
package:
name: '{{ item }}'
with_items: '{{ fail2ban_packages }}'
tags:
- fail2ban
- packages
- name: "{{ fail2ban_jail_local }}"
template:
src: 'jail.local.j2'
dest: "{{ fail2ban_jail_local }}"
notify:
- fail2ban reload
tags:
- fail2ban
- config
...
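Review bot: The `template` task that writes `{{ fail2ban_jail_local }}` sets no ownership or permissions, so the file that defines the ban policy gets whatever the connection's umask produces; add `owner: root`, `group: root` and `mode: '0644'` under `template:`. Nothing in the role ensures that fail2ban is actually running and enabled at boot: the only service action is the `fail2ban reload` handler, which fires only when the template changes. A `service` task with `state: started` and `enabled: true` would close that gap on hosts where the package does not start the daemon by itself.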
# {{ ansible_managed }} roles/fail2ban/templates/jail.local
# {{ ansible_managed }} (roles/fail2ban/templates/jail.local)
[DEFAULT]
{% if fail2ban_ignoreip is defined %}
ignoreip = {{ fail2ban_ignoreip | join (' ') }}
{% endif %}
{% if fail2ban_bantime is defined %}
bantime = {{ fail2ban_bantime }}
{% endif %}
{% if fail2ban_destemail is defined %}
destemail = {{ fail2ban_destemail }}
{% endif %}
{% if fail2ban_mta is defined %}
mta = {{ fail2ban_mta }}
{% endif %}
{% if fail2ban_jails is defined %}
{% for jail in fail2ban_jails %}
[{{ jail }}]
enabled = true
{% endfor %}
{% endif %}
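Review bot: `ignoreip = {{ fail2ban_ignoreip | join (' ') }}` assumes a list; if a playbook passes a single string, `join` iterates over its characters and the rendered `ignoreip` line no longer names the intended address, so the exemption list is silently wrong. An `assert` task checking `fail2ban_ignoreip is not string` before the template runs, or a comment in the defaults stating that a list is required, would catch that. The values for `bantime`, `destemail`, `mta` and the jail names are written into the INI file as given, so a value containing a newline or `]` would change the file's structure; they come from inventory, but a short validation step is still worth having. The two `ansible_managed` header lines at the top look like a duplicate, if both belong to this template.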
---
- hosts: localhost
remote_user: root
roles:
- fail2ban
\ No newline at end of file
---
# vars file for fail2ban
\ No newline at end of file