From 04d63c93f24578538bf4312e8d7167027262ed1d Mon Sep 17 00:00:00 2001
From: Ludovic Cartier
Date: Mon, 16 Dec 2024 19:28:37 +0100
Subject: [PATCH] initial commit
---
files/defaults.conf | 7 +++++++
files/sshd.conf | 2 ++
handlers/main.yml | 6 ++++++
tasks/main.yml | 44 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 59 insertions(+)
create mode 100644 files/defaults.conf
create mode 100644 files/sshd.conf
create mode 100644 handlers/main.yml
create mode 100644 tasks/main.yml
diff --git a/files/defaults.conf b/files/defaults.conf
new file mode 100644
index 0000000..1af75ca
--- /dev/null
+++ b/files/defaults.conf
@@ -0,0 +1,7 @@
+[DEFAULT]
+bantime= 3600
+findtime= 10
+maxretry= 3
+
+ignoreip= 127.0.0.1/8
+
diff --git a/files/sshd.conf b/files/sshd.conf
new file mode 100644
index 0000000..9eb356c
--- /dev/null
+++ b/files/sshd.conf
@@ -0,0 +1,2 @@
+[sshd]
+enabled = true
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..2eb92fd
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: 'fail2ban | restart fail2ban'
+ systemd:
+ name: fail2ban
+ state: restarted
+ tags: ['fail2ban']
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..812af46
--- /dev/null
+++ b/tasks/main.yml
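Review bot: In files/defaults.conf, `findtime= 10` is read by fail2ban as 10 seconds, so with `maxretry= 3` the jail bans only a client that fails three times inside a ten-second window; failed logins spaced a little further apart are never counted together and never lead to a ban. If ten minutes was intended, write `findtime = 600`, which matches fail2ban's stock default. `ignoreip= 127.0.0.1/8` also leaves out the IPv6 loopback; `ignoreip = 127.0.0.1/8 ::1` covers both.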
@@ -0,0 +1,44 @@
+---
+- name: 'fail2ban | apt update cache'
+ apt:
+ update_cache: yes
+ cache_valid_time: 86400 #One day
+ tags: ['fail2ban']
+
+- name: 'fail2ban | install iptables packages'
+ apt:
+ name: "{{ item }}"
+ update_cache: true
+ state: present
+ with_items:
+ - fail2ban
+ tags: ['fail2ban']
+
+- name: 'fail2ban | delete default config'
+ file:
+ path: "/etc/fail2ban/jail.d/defaults-debian.conf"
+ state: absent
+ notify:
+ - 'fail2ban | restart fail2ban'
+ tags: ['fail2ban']
+
+- name: 'fail2ban | configuring fail2ban'
+ copy:
+ src: defaults.conf
+ dest: /etc/fail2ban/jail.d/defaults.conf
+ mode: 0644
+ force: yes
+ notify:
+ - 'fail2ban | restart fail2ban'
+ tags: ['fail2ban']
+
+- name: 'fail2ban | enable sshd jail'
+ copy:
+ src: sshd.conf
+ dest: /etc/fail2ban/jail.d/sshd.conf
+ mode: 0644
+ force: yes
+ notify:
+ - 'fail2ban | restart fail2ban'
+ tags: ['fail2ban']
+
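Review bot: Nothing in tasks/main.yml asserts that the fail2ban unit is enabled and running; the only service action is the restart handler, which fires only when one of the file or copy tasks reports a change. On a host where the unit was stopped or disabled and the jail files already match, the play would finish green with no banning in place. I would add a final task that sets `state: started` and `enabled: true` for the unit, as sketched below. Separately, both copy tasks would be more robust with the mode quoted as `mode: '0644'` and with explicit `owner: root` and `group: root`, so the jail files' ownership does not depend on the connection user.

```yaml
# … unchanged: apt, file and copy tasks …

- name: 'fail2ban | ensure fail2ban is enabled and running'
  systemd:
    name: fail2ban
    state: started
    enabled: true
  tags: ['fail2ban']
```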