initial commit

2024-12-16 19:28:37 +01:00 · 2024-12-16 19:28:37 +01:00 · 04d63c93f2
commit 04d63c93f2
parent 98722ebc6f
4 changed files with 59 additions and 0 deletions
--- a/files/defaults.conf
+++ b/files/defaults.conf
@ -0,0 +1,7 @@
+[DEFAULT]
+bantime= 3600
+findtime= 10
+maxretry= 3
+
+ignoreip= 127.0.0.1/8
+
--- a/files/sshd.conf
+++ b/files/sshd.conf
@ -0,0 +1,2 @@
+[sshd]
+enabled = true
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: 'fail2ban | restart fail2ban'
+  systemd: 
+    name: fail2ban 
+    state: restarted
+  tags: ['fail2ban']
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,44 @@
+---
+- name: 'fail2ban | apt update cache'
+  apt:
+    update_cache: yes
+    cache_valid_time: 86400 #One day
+  tags: ['fail2ban']
+
+- name: 'fail2ban | install iptables packages'
+  apt:
+    name: "{{ item }}"
+    update_cache: true
+    state: present
+  with_items:
+    - fail2ban
+  tags: ['fail2ban']
+
+- name: 'fail2ban | delete default config'
+  file:
+    path: "/etc/fail2ban/jail.d/defaults-debian.conf"
+    state: absent
+  notify:
+    - 'fail2ban | restart fail2ban'
+  tags: ['fail2ban']
+
+- name: 'fail2ban | configuring fail2ban'
+  copy: 
+    src: defaults.conf
+    dest: /etc/fail2ban/jail.d/defaults.conf
+    mode: 0644
+    force: yes
+  notify:
+    - 'fail2ban | restart fail2ban'
+  tags: ['fail2ban']
+
+- name: 'fail2ban | enable sshd jail'
+  copy:
+    src: sshd.conf
+    dest: /etc/fail2ban/jail.d/sshd.conf
+    mode: 0644
+    force: yes
+  notify:
+    - 'fail2ban | restart fail2ban'
+  tags: ['fail2ban']
+