test
parent
745b261ca4
commit
9680320f4e
|
@ -9,4 +9,45 @@
|
||||||
|
|
||||||
- name: "[CONFIG FAIL2BAN] Install and configure fail2ban service"
|
- name: "[CONFIG FAIL2BAN] Install and configure fail2ban service"
|
||||||
import_role:
|
import_role:
|
||||||
name: config-fail2ban
|
name: config-fail2ban
|
||||||
|
vars:
|
||||||
|
bantime: 10m
|
||||||
|
maxretry: 10
|
||||||
|
findtime: 10m
|
||||||
|
jail.name:
|
||||||
|
- sshd
|
||||||
|
- dns
|
||||||
|
jail.enabled:
|
||||||
|
- true
|
||||||
|
- true
|
||||||
|
jail.filter:
|
||||||
|
- sshd
|
||||||
|
- asterisk
|
||||||
|
jail.logpath:
|
||||||
|
- /var/log/lastlog
|
||||||
|
- /var/log/asterisk/messages
|
||||||
|
jail.port:
|
||||||
|
- 22
|
||||||
|
- 5060
|
||||||
|
jail.maxretry:
|
||||||
|
- 10
|
||||||
|
- 10
|
||||||
|
jail.bantime:
|
||||||
|
- 10m
|
||||||
|
- 10m
|
||||||
|
jail.findtime:
|
||||||
|
- 10m
|
||||||
|
- 10m
|
||||||
|
|
||||||
|
#In this template:
|
||||||
|
|
||||||
|
#{{ bantime }}, {{ maxretry }}, and {{ findtime }} represent the global default values for these settings.
|
||||||
|
#For each jail, you can specify various options including:
|
||||||
|
#{{ jail.name }}: The name of the jail.
|
||||||
|
#{{ jail.enabled }}: Whether the jail is enabled or not.
|
||||||
|
#{{ jail.filter }}: The filter for the jail.
|
||||||
|
#{{ jail.logpath }}: The log file path that Fail2Ban should monitor.
|
||||||
|
#{{ jail.port | join(' ') }}: The port(s) to monitor.
|
||||||
|
#{{ jail.maxretry }}: The maximum number of retries before banning.
|
||||||
|
#{{ jail.bantime }}: The ban time for this jail.
|
||||||
|
#{{ jail.findtime }}: The time window for counting retries.
|
||||||
|
|
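Review bot: The per-jail settings under `vars:` are passed as parallel lists keyed `jail.name`, `jail.enabled`, `jail.filter` and so on, but the jail.j2 template added in this commit iterates `jails` and reads `jail.name`, `jail.filter`, … from each item. Nothing here defines `jails`, so unless the role defines it elsewhere the template either fails to render or writes no jail sections, leaving sshd without a ban rule. Passing one list of mappings, as in the block below, matches the template. The sshd jail also points `logpath` at `/var/log/lastlog`, which is the binary last-login database rather than the log the sshd filter parses, so that jail would never match a failed login; the replacement path below is the usual Debian one and should be confirmed for the target hosts. Indentation is lost in this rendering, so the nesting shown is inferred.

```yaml
vars:
  # … unchanged: bantime, maxretry, findtime global defaults …
  jails:
    - name: sshd
      enabled: true
      filter: sshd
      logpath: /var/log/auth.log  # confirm per host; journald-only hosts need the systemd backend
      port: [22]
      maxretry: 10
      bantime: 10m
      findtime: 10m
    - name: dns
      enabled: true
      filter: asterisk
      logpath: /var/log/asterisk/messages
      port: [5060]
      maxretry: 10
      bantime: 10m
      findtime: 10m
```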
|
@ -2,35 +2,32 @@
|
||||||
# Install and configure FAIL2BAN
|
# Install and configure FAIL2BAN
|
||||||
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
|
||||||
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
# comprobe if fail2ban is installed if not then install fail2ban
|
# comprobe if fail2ban is installed if not then install fail2ban
|
||||||
# Gather the package facts
|
# Gather the package facts
|
||||||
- name: Gather the package facts
|
- name: Gather the package facts
|
||||||
package_facts:
|
package_facts:
|
||||||
manager: auto
|
manager: auto
|
||||||
# register: ansible_facts.packages.stdout.find('fail2ban')
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
# register: packages
|
|
||||||
|
|
||||||
#- name: obtener paquete fail2ban
|
|
||||||
# set_fact:
|
|
||||||
# packages: "{{ ansible_facts.packages['fail2ban'] }}"
|
|
||||||
|
|
||||||
# print the package facts in var
|
|
||||||
#- name: print the package facts in var
|
|
||||||
# ansible.builtin.debug:
|
|
||||||
# var: ansible_facts.packages
|
|
||||||
|
|
||||||
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
# install packages if is not in the system
|
# install packages if is not in the system
|
||||||
- name: install fail2ban package if is not in the system
|
- name: install fail2ban package if is not in the system
|
||||||
apt:
|
apt:
|
||||||
name: fail2ban
|
name: fail2ban
|
||||||
state: present
|
state: present
|
||||||
# when: packages.stdout.find('fail2ban') == ""
|
|
||||||
# when: "{{ packages['fail2ban'] | length }}"
|
|
||||||
when: "'fail2ban' not in ansible_facts.packages"
|
when: "'fail2ban' not in ansible_facts.packages"
|
||||||
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
|
||||||
# config fail2ban if is there is in the system
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
#- name: config fail2ban
|
# configure fail2ban
|
||||||
# x:
|
# template a file to /etc/fail2ban/jail.local
|
||||||
# x
|
- name: template a file to /etc/fail2ban/jail.local
|
||||||
# x
|
template:
|
||||||
# when: "{{ ansible_facts.packages['fail2ban'] }} is defined "
|
src: jail.j2
|
||||||
|
dest: "{{ path_jail_local }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0644'
|
||||||
|
backup: true
|
||||||
|
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
|
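Review bot: The new `template` task writes `{{ path_jail_local }}` but nothing visible reloads fail2ban afterwards, so a changed jail.local only takes effect at the next manual restart and the host keeps running the old ban rules until then. Add `notify: restart fail2ban` to the task, with a matching handler that restarts the service, and consider a task that keeps the service enabled and started; a handlers file may exist outside this commit. The `when: "'fail2ban' not in ansible_facts.packages"` guard on the apt task is redundant with `state: present` and could be dropped together with the package_facts task.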
|
@ -0,0 +1,26 @@
|
||||||
|
# Jinja2 template for Fail2Ban jail.local
|
||||||
|
|
||||||
|
#+++++++++++++++++++++++++++++++++++++
|
||||||
|
# PLS , DONT EDIT THIS FILE , THIS FILE IS DEPLOYER WITH ANSIBLE TEMPLATES , IF U WANT SOME CHANGES OR ADD
|
||||||
|
# EDIT THE FILE config-fail2ban.yaml IN GITEA REPO vn-ansible > linux > base-config-debian , AND ADD MORE VARS
|
||||||
|
#+++++++++++++++++++++++++++++++++++++
|
||||||
|
|
||||||
|
[DEFAULT]
|
||||||
|
# Add any default configuration options here
|
||||||
|
bantime = {{ bantime }}
|
||||||
|
maxretry = {{ maxretry }}
|
||||||
|
findtime = {{ findtime }}
|
||||||
|
destemail = sysadmin@verdnatura.es
|
||||||
|
action = %(action_)s
|
||||||
|
|
||||||
|
|
||||||
|
{% for jail in jails %}
|
||||||
|
[{{ jail.name }}]
|
||||||
|
enabled = {{ jail.enabled }}
|
||||||
|
filter = {{ jail.filter }}
|
||||||
|
logpath = {{ jail.logpath }}
|
||||||
|
port = {{ jail.port | join(' ') }}
|
||||||
|
maxretry = {{ jail.maxretry }}
|
||||||
|
bantime = {{ jail.bantime }}
|
||||||
|
findtime = {{ jail.findtime }}
|
||||||
|
{% endfor %}
|
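Review bot: `port = {{ jail.port | join(' ') }}` renders multiple ports separated by spaces, while fail2ban's port option is a comma-separated list that the stock multiport firewall actions pass straight into the rule, so a jail with more than one port would likely fail to apply its ban; use `port = {{ jail.port | join(',') }}`. `join` also needs each jail's `port` to be a list, so a single port should be passed as `[22]`. `destemail` is set while `action = %(action_)s` only bans and sends no mail, so the address is currently unused; confirm that is intended.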
|
@ -0,0 +1,2 @@
|
||||||
|
# vars file
|
||||||
|
path_jail_local: /etc/fail2ban/jail.local
|