ansible-edda/tasks/fail2ban.yml

32 lines
672 B
YAML

- name: Install fail2ban
apt:
name: fail2ban
- name: Configure fail2ban
template:
src: ./filesystem/common/etc/fail2ban/jail.local.j2
dest: /etc/fail2ban/jail.local
mode: 0644
register: fail2ban_conf
- name: Configure fail2ban sshd jail
template:
src: ./filesystem/common/etc/fail2ban/jail.d/sshd.local.j2
dest: /etc/fail2ban/jail.d/sshd.local
mode: 0644
register: fail2ban_sshd_jail
- name: Enable/start fail2ban
systemd:
name: fail2ban
state: started
enabled: yes
- name: Restart fail2ban
systemd:
name: fail2ban
state: restarted
when:
fail2ban_conf is changed or
fail2ban_sshd_jail is changed