41 lines
1.6 KiB
YAML
41 lines
1.6 KiB
YAML
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# Install and configure FAIL2BAN
|
|
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# comprobe if fail2ban is installed if not then install fail2ban
|
|
# Gather the package facts
|
|
# - name: Gather the package facts
|
|
# package_facts:
|
|
# manager: auto
|
|
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# install packages if is not in the system
|
|
- name: install fail2ban package if is not in the system
|
|
apt:
|
|
name: fail2ban
|
|
state: present
|
|
# when: "'fail2ban' not in ansible_facts.packages" # ansible comprobes if is ok its installed
|
|
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# configure fail2ban
|
|
# template a file to /etc/fail2ban/jail.local
|
|
- name: template a file to /etc/fail2ban/jail.local
|
|
template:
|
|
src: jail2.j2
|
|
dest: "{{ path_jail_local }}"
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
backup: true
|
|
notify: restart fail2ban
|
|
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
# service nftables should start on boot.
|
|
- name: service nftables should start on boot
|
|
service:
|
|
name: "{{ nftables_daemon }}"
|
|
enabled: true
|
|
notify: restart nftables
|
|
# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|