From 684a298e03d32f2eae470b74142e7cbf752c2150 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?=
Date: Mon, 14 Oct 2024 13:53:36 +0200
Subject: [PATCH] Refs #8025 Rol debian-base. fail2ban task - ensure /var/log/auth exists before restarting Fail2ban for systemd exit code 0
---
 roles/debian-base/handlers/main.yml | 2 +-
 roles/debian-base/tasks/fail2ban.yml | 9 ++++++++-
 roles/debian-base/templates/jail.local | 2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/roles/debian-base/handlers/main.yml b/roles/debian-base/handlers/main.yml
index 6d3fab4..e2ee81e 100644
--- a/roles/debian-base/handlers/main.yml
+++ b/roles/debian-base/handlers/main.yml
@@ -6,7 +6,7 @@
 systemd:
 name: ssh
 state: restarted
-- name: restart-fail2ban
+- name: restart fail2ban
 systemd:
 name: fail2ban
 state: restarted
diff --git a/roles/debian-base/tasks/fail2ban.yml b/roles/debian-base/tasks/fail2ban.yml
index a3ed3f1..33a8d67 100644
--- a/roles/debian-base/tasks/fail2ban.yml
+++ b/roles/debian-base/tasks/fail2ban.yml
@@ -9,4 +9,11 @@
 owner: root
 group: root
 mode: u=rw,g=r,o=r
- notify: restart-fail2ban
+ notify: restart fail2ban
+- name: Ensure file for auth sshd custom log exists
+ file:
+ path: /var/log/auth.log
+ state: touch
+ owner: root
+ group: adm
+ mode: u=rw,g=r,o=
diff --git a/roles/debian-base/templates/jail.local b/roles/debian-base/templates/jail.local
index 9c0cd5b..69847a7 100644
--- a/roles/debian-base/templates/jail.local
+++ b/roles/debian-base/templates/jail.local
@@ -18,4 +18,4 @@ enabled = true
 port = 0:65535
 filter = sshd
 logpath = {{ fail2ban.logpath }}
-action = %(action_mwl)s
\ No newline at end of file
+action = %(action_mwl)s
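Review bot: The new `Ensure file for auth sshd custom log exists` task in roles/debian-base/tasks/fail2ban.yml creates an empty /var/log/auth.log so the restart exits 0, but nothing in the hunk checks that anything writes to that file; if sshd on the host logs only to the journal, the sshd jail will start cleanly and never see a failed login. It would be worth confirming elsewhere in the role that a syslog daemon feeds this file, or switching the jail to `backend = systemd`. The path is also hard-coded while jail.local reads `logpath = {{ fail2ban.logpath }}`, so the two can drift if that variable is ever set to another file; `path: "{{ fail2ban.logpath }}"` keeps them together. `state: touch` reports changed and bumps the timestamps on every run, so adding `modification_time: preserve` and `access_time: preserve` would make the task idempotent.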