33 lines
774 B
YAML
33 lines
774 B
YAML
- name: Install fail2ban and rsyslog packages
|
|
apt:
|
|
name: "{{ fail2ban_base_packages }}"
|
|
state: present
|
|
- name: Configure sshd_config settings
|
|
copy:
|
|
dest: /etc/ssh/sshd_config.d/vn-fail2ban.conf
|
|
content: |
|
|
# Do not edit this file! Ansible will overwrite it.
|
|
|
|
SyslogFacility AUTH
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,g=r,o=r
|
|
notify: restart sshd
|
|
- name: Configure fail2ban service
|
|
template:
|
|
src: jail.local
|
|
dest: /etc/fail2ban/jail.local
|
|
owner: root
|
|
group: root
|
|
mode: u=rw,g=r,o=r
|
|
notify: restart fail2ban
|
|
register: jail
|
|
- name: Ensure file for auth sshd custom log exists
|
|
file:
|
|
path: /var/log/auth.log
|
|
state: touch
|
|
owner: root
|
|
group: adm
|
|
mode: u=rw,g=r,o=
|
|
when: jail.changed
|