fail2ban ========= [![Build Status](https://travis-ci.org/robertdebock/ansible-role-fail2ban.svg?branch=master)](https://travis-ci.org/robertdebock/ansible-role-fail2ban) Install and configure fail2ban on your system. Example Playbook ---------------- This example is taken from `molecule/default/playbook.yml`: ```yaml --- - name: Converge hosts: all become: yes gather_facts: yes roles: - robertdebock.fail2ban ``` The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook: ```yaml --- - name: Prepare hosts: all gather_facts: no roles: - robertdebock.bootstrap - robertdebock.epel ``` Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles. Role Variables -------------- These variables are set in `defaults/main.yml`: ```yaml --- # defaults file for fail2ban fail2ban_loglevel: INFO fail2ban_logtarget: /var/log/fail2ban.log fail2ban_ignoreself: true fail2ban_ignoreips: "127.0.0.1/8 ::1" fail2ban_bantime: 10m fail2ban_findtime: 10m fail2ban_maxretry: 5 fail2ban_destemail: root@localhost fail2ban_sender: root@{{ ansible_fqdn}} ``` Requirements ------------ - Access to a repository containing packages, likely on the internet. - A recent version of Ansible. (Tests run on the last 3 release of Ansible.) The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`: ```yaml --- - robertdebock.bootstrap - robertdebock.epel ``` Context ------- This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information. Here is an overview of related roles: ![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/fail2ban.png "Dependency") Compatibility ------------- This role has been tested against the following distributions and Ansible version: |distribution|ansible 2.6|ansible 2.7|ansible devel| |------------|-----------|-----------|-------------| |alpine-edge*|yes|yes|yes*| |alpine-latest|yes|yes|yes*| |archlinux|yes|yes|yes*| |centos-6|yes|yes|yes*| |centos-latest|yes|yes|yes*| |debian-latest|yes|yes|yes*| |debian-stable|yes|yes|yes*| |debian-unstable*|yes|yes|yes*| |fedora-latest|yes|yes|yes*| |fedora-rawhide*|yes|yes|yes*| |opensuse-leap|yes|yes|yes*| |ubuntu-devel*|yes|yes|yes*| |ubuntu-latest|yes|yes|yes*| |ubuntu-rolling|yes|yes|yes*| A single star means the build may fail, it's marked as an experimental build. Testing ------- [Unit tests](https://travis-ci.org/robertdebock/ansible-role-fail2ban) are done on every commit and periodically. If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-fail2ban/issues) To test this role locally please use [Molecule](https://github.com/metacloud/molecule): ``` pip install molecule molecule test ``` To test on Amazon EC2, configure [~/.aws/credentials](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) and `export AWS_REGION=eu-central-1` before running `molecule test --scenario-name ec2`. There are many specific scenarios available, please have a look in the `molecule/` directory. Run the [ansible-galaxy](https://github.com/ansible/galaxy-lint-rules) and [my](https://github.com/robertdebock/ansible-lint-rules) lint rules if you want your change to be merges: ```shell git clone https://github.com/ansible/ansible-lint.git /tmp/ansible-lint ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules . git clone https://github.com/robertdebock/ansible-lint /tmp/my-ansible-lint ansible-lint -r /tmp/my-ansible-lint/rules . ``` License ------- Apache-2.0 Author Information ------------------ [Robert de Bock](https://robertdebock.nl/)