vn-ansible/linux/base-config-debian/config-fail2ban.yaml


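---
# Playbook: install and configure fail2ban on the host(s) named by the
# `ip_addr` variable (supplied by the caller). The first task publishes the
# global defaults and the per-jail settings as facts; the second imports the
# config-fail2ban role, which consumes them.
- hosts: "{{ ip_addr }}"
  become: true
  become_method: sudo
  gather_facts: true
  tasks:
    - name: set variables
      set_fact:
        # Global defaults, used when a jail does not override them.
        bantime: "10m"
        maxretry: "10"
        findtime: "10m"
        jails:
          - name: sshd
            enabled: true
            filter: sshd
            # Was /var/log/lastlog, which is the binary last-login database
            # and never contains sshd authentication failures, so the sshd
            # filter could not match anything and the jail would never ban.
            # auth.log is where sshd failures are written on Debian with
            # syslog. NOTE(review): hosts that log only to journald have no
            # auth.log; there the jail needs the systemd backend instead.
            logpath: /var/log/auth.log
            port: ['ssh', '22']
            maxretry: 10
            bantime: "10m"
            findtime: "10m"
          - name: asterisk
            enabled: true
            filter: asterisk
            logpath: /var/log/asterisk/messages
            # NOTE(review): confirm 'asterisk' resolves as a service name on
            # the target hosts; the numeric port is the unambiguous entry.
            port: ['asterisk', '5060']
            maxretry: 10
            bantime: "10m"
            findtime: "10m"

    - name: "[CONFIG FAIL2BAN] Install and configure fail2ban service"
      import_role:
        name: config-fail2ban

# In the template (presumably the one shipped with the config-fail2ban role):
# {{ bantime }}, {{ maxretry }}, and {{ findtime }} represent the global
# default values for these settings.
# For each jail, you can specify various options including:
# {{ jail.name }}: The name of the jail.
# {{ jail.enabled }}: Whether the jail is enabled or not.
# {{ jail.filter }}: The filter for the jail.
# {{ jail.logpath }}: The log file path that Fail2Ban should monitor.
# {{ jail.port | join(' ') }}: The port(s) to monitor.
#   NOTE(review): fail2ban expects a comma-separated port list; verify that
#   a space-joined value is accepted by the ban action in use, or join
#   with ',' in the template.
# {{ jail.maxretry }}: The maximum number of retries before banning.
# {{ jail.bantime }}: The ban time for this jail.
# {{ jail.findtime }}: The time window for counting retries.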