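---
# Playbook: install and configure fail2ban on the host(s) named by `ip_addr`
# by importing the `config-fail2ban` role with the jail settings below.

# `ip_addr` is not defined in this file; it is presumably supplied at run time
# (extra vars or inventory). The play escalates with sudo, so confirm the
# value can only resolve to the hosts you intend to change.
- hosts: "{{ ip_addr }}"
  become: true
  become_method: sudo
  gather_facts: true

  tasks:

    - name: "[CONFIG FAIL2BAN] Install and configure fail2ban service"
      import_role:
        name: config-fail2ban
      vars:
        # Global defaults applied when a jail does not override them.
        bantime: '10m'
        maxretry: '10'
        findtime: '10m'

        # Per-jail settings. The lists look positional (first entry of every
        # list is one jail, second entry the other) - confirm against the role.
        #
        # NOTE(review): Ansible variable names may contain only letters,
        # digits and underscores, and `{{ jail.name }}` in a template reads
        # the attribute `name` of a variable `jail`. Confirm against the role
        # whether these keys should be nested under a single `jail:` mapping;
        # they are left as written because the role is not visible here.
        #
        # NOTE(review): the second jail is named 'dns' but uses the asterisk
        # filter, the Asterisk log and port 5060; confirm the name is intended.
        jail.name:
          - 'sshd'
          - 'dns'
        jail.enabled:
          - 'true'
          - 'true'
        jail.filter:
          - 'sshd'
          - 'asterisk'
        # The sshd jail must read the text log that sshd writes authentication
        # failures to. /var/log/lastlog (the previous value) is the binary
        # last-login database, so the sshd filter would never match a line and
        # the jail would never ban. /var/log/auth.log is the Debian/Ubuntu
        # location; RHEL-family hosts use /var/log/secure, and journal-only
        # hosts need the systemd backend instead of a log path. Adjust to the
        # target.
        jail.logpath:
          - '/var/log/auth.log'
          - '/var/log/asterisk/messages'
        # NOTE(review): SIP on 5060 commonly runs over UDP; whether the role
        # sets a protocol for the ban action is not visible here - confirm the
        # resulting rule covers UDP as well as TCP.
        jail.port:
          - '22'
          - '5060'
        jail.maxretry:
          - '10'
          - '10'
        jail.bantime:
          - '10m'
          - '10m'
        jail.findtime:
          - '10m'
          - '10m'

# In this template:
#
# {{ bantime }}, {{ maxretry }}, and {{ findtime }} represent the global
# default values for these settings.
#
# For each jail, you can specify various options including:
# {{ jail.name }}: The name of the jail.
# {{ jail.enabled }}: Whether the jail is enabled or not.
# {{ jail.filter }}: The filter for the jail.
# {{ jail.logpath }}: The log file path that Fail2Ban should monitor.
# {{ jail.port | join(' ') }}: The port(s) to monitor.
# {{ jail.maxretry }}: The maximum number of retries before banning.
# {{ jail.bantime }}: The ban time for this jail.
# {{ jail.findtime }}: The time window for counting retries.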