49 lines
1.5 KiB
YAML
49 lines
1.5 KiB
YAML
---
|
|
|
|
- hosts: "{{ ip_addr }}"
|
|
become: yes
|
|
become_method: sudo
|
|
gather_facts: yes
|
|
|
|
tasks:
|
|
|
|
- name: set variables
|
|
set_fact:
|
|
bantime: "10m"
|
|
maxretry: "10"
|
|
findtime: "10m"
|
|
jails:
|
|
- name: sshd
|
|
enabled: true
|
|
filter: sshd
|
|
logpath: /var/log/lastlog
|
|
port: ['ssh', '22']
|
|
maxretry: 10
|
|
bantime: 10m
|
|
findtime: 10m
|
|
- name: asterisk
|
|
enabled: true
|
|
filter: asterisk
|
|
logpath: /var/log/asterisk/messages
|
|
port: ['asterisk', '5060']
|
|
maxretry: 10
|
|
bantime: 10m
|
|
findtime: 10m
|
|
|
|
- name: "[CONFIG FAIL2BAN] Install and configure fail2ban service"
|
|
import_role:
|
|
name: config-fail2ban
|
|
|
|
#In this template:
|
|
|
|
#{{ bantime }}, {{ maxretry }}, and {{ findtime }} represent the global default values for these settings.
|
|
#For each jail, you can specify various options including:
|
|
#{{ jail.name }}: The name of the jail.
|
|
#{{ jail.enabled }}: Whether the jail is enabled or not.
|
|
#{{ jail.filter }}: The filter for the jail.
|
|
#{{ jail.logpath }}: The log file path that Fail2Ban should monitor.
|
|
#{{ jail.port | join(' ') }}: The port(s) to monitor.
|
|
#{{ jail.maxretry }}: The maximum number of retries before banning.
|
|
#{{ jail.bantime }}: The ban time for this jail.
|
|
#{{ jail.findtime }}: The time window for counting retries.
|