test

linux/base-config-debian/config-fail2ban.yaml

@@ -9,4 +9,45 @@
 
     - name: "[CONFIG FAIL2BAN] Install and configure fail2ban service"
       import_role:
-        name: config-fail2ban
+        name: config-fail2ban
+      vars:
+        bantime: 10m
+        maxretry: 10
+        findtime: 10m
+        jail.name:
+          - sshd
+          - dns
+        jail.enabled:
+          - true
+          - true
+        jail.filter:
+          - sshd
+          - asterisk
+        jail.logpath:
+          - /var/log/lastlog
+          - /var/log/asterisk/messages
+        jail.port:
+          - 22
+          - 5060
+        jail.maxretry:
+          - 10
+          - 10
+        jail.bantime:
+          - 10m
+          - 10m
+        jail.findtime:
+          - 10m
+          - 10m
+
+        #In this template:
+       
+        #{{ bantime }}, {{ maxretry }}, and {{ findtime }} represent the global default values for these settings.
+        #For each jail, you can specify various options including:
+        #{{ jail.name }}: The name of the jail.
+        #{{ jail.enabled }}: Whether the jail is enabled or not.
+        #{{ jail.filter }}: The filter for the jail.
+        #{{ jail.logpath }}: The log file path that Fail2Ban should monitor.
+        #{{ jail.port | join(' ') }}: The port(s) to monitor.
+        #{{ jail.maxretry }}: The maximum number of retries before banning.
+        #{{ jail.bantime }}: The ban time for this jail.
+        #{{ jail.findtime }}: The time window for counting retries.

linux/base-config-debian/roles/config-fail2ban/tasks/main.yaml

@@ -2,35 +2,32 @@
 # Install and configure FAIL2BAN
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
+#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 # comprobe if fail2ban is installed if not then install fail2ban
 # Gather the package facts
 - name: Gather the package facts
   package_facts:
     manager: auto
-#  register: ansible_facts.packages.stdout.find('fail2ban')
-#  register: packages
-
-#- name: obtener paquete fail2ban
-#  set_fact:
-#     packages: "{{ ansible_facts.packages['fail2ban'] }}"
-
-# print the package facts in var
-#- name: print the package facts in var
-#  ansible.builtin.debug:
-#    var: ansible_facts.packages
+#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
+#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 # install packages if is not in the system
 - name: install fail2ban package if is not in the system
   apt:
     name: fail2ban
     state: present
-#  when: packages.stdout.find('fail2ban') == ""
-#  when: "{{ packages['fail2ban'] | length }}"
   when: "'fail2ban' not in ansible_facts.packages"
+#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
-#  config fail2ban if is there is in the system
-#- name: config fail2ban
-#  x:
-#    x
-#    x
-#  when: "{{ ansible_facts.packages['fail2ban'] }} is defined "
+#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# configure fail2ban
+# template a file to /etc/fail2ban/jail.local
+- name: template a file to /etc/fail2ban/jail.local
+  template:
+    src: jail.j2
+    dest: "{{ path_jail_local }}"
+    owner: root
+    group: root
+    mode: '0644'
+    backup: true
+#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

linux/base-config-debian/roles/config-fail2ban/templates/jail.j2

@@ -0,0 +1,26 @@
+# Jinja2 template for Fail2Ban jail.local
+
+#+++++++++++++++++++++++++++++++++++++
+# PLS , DONT EDIT THIS FILE , THIS FILE IS DEPLOYER WITH ANSIBLE TEMPLATES , IF U WANT SOME CHANGES OR ADD
+# EDIT THE FILE config-fail2ban.yaml IN GITEA REPO vn-ansible > linux > base-config-debian , AND ADD MORE VARS
+#+++++++++++++++++++++++++++++++++++++
+
+[DEFAULT]
+# Add any default configuration options here
+bantime = {{ bantime }}
+maxretry = {{ maxretry }}
+findtime = {{ findtime }}
+destemail = sysadmin@verdnatura.es
+action = %(action_)s
+
+
+{% for jail in jails %}
+[{{ jail.name }}]
+enabled = {{ jail.enabled }}
+filter = {{ jail.filter }}
+logpath = {{ jail.logpath }}
+port = {{ jail.port | join(' ') }}
+maxretry = {{ jail.maxretry }}
+bantime = {{ jail.bantime }}
+findtime = {{ jail.findtime }}
+{% endfor %}

linux/base-config-debian/roles/config-fail2ban/vars/main.yaml

@@ -0,0 +1,2 @@
+# vars file
+path_jail_local: /etc/fail2ban/jail.local