2022-12-18 23:43:40 +01:00
|
|
|
---
|
2022-12-20 17:31:37 +01:00
|
|
|
- name: "install fail2ban"
|
2022-12-04 15:14:43 +01:00
|
|
|
ansible.builtin.apt:
|
|
|
|
|
name: "fail2ban"
|
|
|
|
|
|
2022-12-20 17:31:37 +01:00
|
|
|
- name: "configure fail2ban"
|
2022-12-04 15:14:43 +01:00
|
|
|
ansible.builtin.template:
|
2022-12-20 17:31:37 +01:00
|
|
|
src: "./jail.local.j2"
|
2022-12-04 15:14:43 +01:00
|
|
|
dest: "/etc/fail2ban/jail.local"
|
|
|
|
|
mode: 0644
|
2022-12-08 23:19:54 +01:00
|
|
|
register: system_base_fail2ban_conf
|
2022-12-04 15:14:43 +01:00
|
|
|
|
2022-12-20 17:31:37 +01:00
|
|
|
- name: "configure fail2ban sshd jail"
|
2022-12-04 15:14:43 +01:00
|
|
|
ansible.builtin.template:
|
2022-12-20 17:31:37 +01:00
|
|
|
src: "./jail.d/sshd.local.j2"
|
2022-12-04 15:14:43 +01:00
|
|
|
dest: "/etc/fail2ban/jail.d/sshd.local"
|
|
|
|
|
mode: 0644
|
2022-12-08 23:19:54 +01:00
|
|
|
register: system_base_fail2ban_sshd_jail
|
2022-12-04 15:14:43 +01:00
|
|
|
|
2022-12-20 17:31:37 +01:00
|
|
|
- name: "enable fail2ban"
|
2022-12-04 15:14:43 +01:00
|
|
|
ansible.builtin.systemd:
|
|
|
|
|
name: "fail2ban"
|
|
|
|
|
enabled: true
|
|
|
|
|
|
2022-12-20 17:31:37 +01:00
|
|
|
- name: "start fail2ban"
|
2022-12-04 15:14:43 +01:00
|
|
|
ansible.builtin.systemd:
|
|
|
|
|
name: "fail2ban"
|
|
|
|
|
state: "started"
|
2022-12-08 23:19:54 +01:00
|
|
|
register: system_base_fail2ban_start
|
2022-12-04 15:14:43 +01:00
|
|
|
|
2022-12-20 17:31:37 +01:00
|
|
|
- name: "restart fail2ban"
|
2022-12-04 15:14:43 +01:00
|
|
|
ansible.builtin.systemd:
|
|
|
|
|
name: "fail2ban"
|
|
|
|
|
state: "restarted"
|
|
|
|
|
when:
|
2022-12-08 23:19:54 +01:00
|
|
|
(system_base_fail2ban_conf.changed or
|
|
|
|
|
system_base_fail2ban_sshd_jail.changed) and
|
|
|
|
|
not system_base_fail2ban_start.changed
|
