vn-ansible/roles/debian-base/tasks/fail2ban.yml

- name: Install fail2ban and rsyslog packages
  apt:
    name: "{{ fail2ban_base_packages }}"
    state: present
- name: Configure sshd_config settings
  copy:
    dest: /etc/ssh/sshd_config.d/vn-fail2ban.conf
    content: |
      # Do not edit this file! Ansible will overwrite it.
      
      SyslogFacility AUTH
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  notify: restart sshd
- name: Configure fail2ban service
  template:
    src: jail.local
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  notify: restart fail2ban
  register: jail
- name: Ensure file for auth sshd custom log exists
  file:
    path: /var/log/auth.log
    state: touch
    owner: root
    group: adm
    mode: u=rw,g=r,o=
  when: jail.changed
Initial commit 2024-10-16 15:53:15 +00:00			`- name: Install fail2ban and rsyslog packages`
			`apt:`
			`name: "{{ fail2ban_base_packages }}"`
			`state: present`
			`- name: Configure sshd_config settings`
			`copy:`
			`dest: /etc/ssh/sshd_config.d/vn-fail2ban.conf`
			`content: \|`
			`# Do not edit this file! Ansible will overwrite it.`

			`SyslogFacility AUTH`
			`owner: root`
			`group: root`
			`mode: u=rw,g=r,o=r`
			`notify: restart sshd`
			`- name: Configure fail2ban service`
			`template:`
			`src: jail.local`
			`dest: /etc/fail2ban/jail.local`
			`owner: root`
			`group: root`
			`mode: u=rw,g=r,o=r`
			`notify: restart fail2ban`
			`register: jail`
			`- name: Ensure file for auth sshd custom log exists`
			`file:`
			`path: /var/log/auth.log`
			`state: touch`
			`owner: root`
			`group: adm`
			`mode: u=rw,g=r,o=`
			`when: jail.changed`