- name: Install fail2ban and rsyslog packages
  apt:
    name: "{{ fail2ban_base_packages }}"
    state: present
- name: Configure sshd_config settings
  copy:
    dest: /etc/ssh/sshd_config.d/vn-fail2ban.conf
    content: |
      # Do not edit this file! Ansible will overwrite it.
      
      SyslogFacility AUTH
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  notify: restart sshd
- name: Configure fail2ban service
  template:
    src: jail.local
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  notify: restart fail2ban
  register: jail
- name: Ensure file for auth sshd custom log exists
  file:
    path: /var/log/auth.log
    state: touch
    owner: root
    group: adm
    mode: u=rw,g=r,o=
  when: jail.changed