69 lines
1.3 KiB
YAML
69 lines
1.3 KiB
YAML
---
|
|
- name: install fail2ban packages
|
|
apt:
|
|
name: '{{ packages }}'
|
|
state: present
|
|
vars:
|
|
packages:
|
|
- fail2ban
|
|
- whois
|
|
- bsd-mailx
|
|
register: result
|
|
retries: 3
|
|
delay: 1
|
|
until: result is success
|
|
tags: fail2ban
|
|
|
|
- name: remove default config
|
|
file:
|
|
path: /etc/fail2ban/jail.d/defaults-debian.conf
|
|
state: absent
|
|
tags: fail2ban
|
|
|
|
- name: copy main configuration
|
|
template:
|
|
src: jail.conf.j2
|
|
dest: /etc/fail2ban/jail.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: restart fail2ban
|
|
tags: fail2ban
|
|
|
|
- name: copy iptables blocktype configuration
|
|
template:
|
|
src: iptables-blocktype.conf.j2
|
|
dest: /etc/fail2ban/action.d/iptables-blocktype.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: restart fail2ban
|
|
tags: fail2ban
|
|
|
|
- name: copy fail2ban filters
|
|
template:
|
|
src: filter.conf.j2
|
|
dest: '/etc/fail2ban/filter.d/{{ item.name }}.conf'
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
loop: '{{ fail2ban_filters }}'
|
|
notify: restart fail2ban
|
|
tags: fail2ban
|
|
|
|
- name: copy jails file
|
|
template:
|
|
src: 'jails.conf.j2'
|
|
dest: '/etc/fail2ban/jail.d/jails.conf'
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
notify: restart fail2ban
|
|
tags: fail2ban
|
|
|
|
- name: enable and start fail2ban
|
|
service:
|
|
name: fail2ban
|
|
enabled: yes
|
|
state: started
|
|
tags: fail2ban
|