vn-ansible/roles/config-fail2ban/tasks/main.yaml

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Install and configure FAIL2BAN
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

- name: "[CONFIG FAIL2BAN] Comprobando si es necesario configurar fail2ban"
  meta: end_host
  when: fail2ban_enabled is not defined or not fail2ban_enabled

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# comprobe if fail2ban is installed if not then install fail2ban
# Gather the package facts
# - name: Gather the package facts
#  package_facts:
#    manager: auto
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# install packages if is not in the system
- name: install fail2ban package if is not in the system
  apt:
    name: fail2ban
    state: present
#  when: "'fail2ban' not in ansible_facts.packages"  # ansible comprobes if is ok its installed
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# configure fail2ban
# template a file to /etc/fail2ban/jail.local
- name: template a file to /etc/fail2ban/jail.local
  template:
    src: jail2.j2
    dest: "{{ path_jail_local }}"
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify: restart fail2ban
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# service fail2ban should start on boot.
- name: service should start on boot
  service:
    name: "{{ fail2ban_daemon }}"
    enabled: yes
# service nftables should start on boot.
- name: service nftables should start on boot
  service:
    name: "{{ nftables_daemon }}"
    enabled: true
  notify: restart nftables
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
change service module enabled to true 2023-12-19 13:13:53 +00:00			`# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
create fail2ban file tasks 2023-10-17 13:02:13 +00:00			`# Install and configure FAIL2BAN`
change service module enabled to true 2023-12-19 13:13:53 +00:00			`# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
update and create new tasks 2023-10-18 07:06:20 +00:00
add conditional 2024-02-15 16:18:29 +00:00			`- name: "[CONFIG FAIL2BAN] Comprobando si es necesario configurar fail2ban"`
add conditional 2024-02-15 16:17:50 +00:00			`meta: end_host`
			`when: fail2ban_enabled is not defined or not fail2ban_enabled`

change service module enabled to true 2023-12-19 13:13:53 +00:00			`# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
update task on main playbook 2023-10-18 12:24:17 +00:00			`# comprobe if fail2ban is installed if not then install fail2ban`
			`# Gather the package facts`
change service module enabled to true 2023-12-19 13:13:53 +00:00			`# - name: Gather the package facts`
change iptables to nftables 2023-10-26 12:16:21 +00:00			`# package_facts:`
			`# manager: auto`
change service module enabled to true 2023-12-19 13:13:53 +00:00			`# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
			`# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
update task on main playbook 2023-10-18 12:24:17 +00:00			`# install packages if is not in the system`
update fail2ban to nftables 2023-10-26 12:18:17 +00:00			`- name: install fail2ban package if is not in the system`
			`apt:`
			`name: fail2ban`
			`state: present`
			`# when: "'fail2ban' not in ansible_facts.packages" # ansible comprobes if is ok its installed`
change service module enabled to true 2023-12-19 13:13:53 +00:00			`# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
update task on main playbook 2023-10-18 12:24:17 +00:00
change service module enabled to true 2023-12-19 13:13:53 +00:00			`# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
test 2023-10-19 09:21:54 +00:00			`# configure fail2ban`
			`# template a file to /etc/fail2ban/jail.local`
			`- name: template a file to /etc/fail2ban/jail.local`
			`template:`
use jail2.js to test 2023-10-27 08:02:22 +00:00			`src: jail2.j2`
test 2023-10-19 09:21:54 +00:00			`dest: "{{ path_jail_local }}"`
			`owner: root`
			`group: root`
			`mode: '0644'`
			`backup: true`
change iptables to nftables 2023-10-26 12:16:21 +00:00			`notify: restart fail2ban`
change service module enabled to true 2023-12-19 13:13:53 +00:00			`# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`
add enable fail2ban service 2024-02-12 16:24:01 +00:00			`# service fail2ban should start on boot.`
			`- name: service should start on boot`
			`service:`
			`name: "{{ fail2ban_daemon }}"`
			`enabled: yes`
change iptables to nftables 2023-10-26 12:16:21 +00:00			`# service nftables should start on boot.`
			`- name: service nftables should start on boot`
add service should start on boot 2023-10-23 15:15:57 +00:00			`service:`
change iptables to nftables 2023-10-26 12:16:21 +00:00			`name: "{{ nftables_daemon }}"`
change service module enabled to true 2023-12-19 13:13:53 +00:00			`enabled: true`
change iptables to nftables 2023-10-26 12:16:21 +00:00			`notify: restart nftables`
change service module enabled to true 2023-12-19 13:13:53 +00:00			`# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++`