38 lines
787 B
YAML
38 lines
787 B
YAML
- name: Install fail2ban
|
|
apt:
|
|
name: fail2ban
|
|
|
|
- name: Configure fail2ban
|
|
template:
|
|
src: ./filesystem/common/etc/fail2ban/jail.local.j2
|
|
dest: /etc/fail2ban/jail.local
|
|
mode: 0644
|
|
register: fail2ban_conf
|
|
|
|
- name: Configure fail2ban sshd jail
|
|
template:
|
|
src: ./filesystem/common/etc/fail2ban/jail.d/sshd.local.j2
|
|
dest: /etc/fail2ban/jail.d/sshd.local
|
|
mode: 0644
|
|
register: fail2ban_sshd_jail
|
|
|
|
- name: Enable fail2ban
|
|
systemd:
|
|
name: fail2ban
|
|
enabled: yes
|
|
|
|
- name: Start fail2ban
|
|
systemd:
|
|
name: fail2ban
|
|
state: started
|
|
register: fail2ban_start
|
|
|
|
- name: Restart fail2ban
|
|
systemd:
|
|
name: fail2ban
|
|
state: restarted
|
|
when:
|
|
(fail2ban_conf is changed or
|
|
fail2ban_sshd_jail is changed) and
|
|
fail2ban_start is not changed
|