3.5 KiB
fail2ban
Install and configure fail2ban on your system.
Example Playbook
This example is taken from molecule/resources/playbook.yml:
---
- name: Converge
hosts: all
become: yes
gather_facts: yes
roles:
- robertdebock.fail2ban
The machine you are running this on, may need to be prepared.
---
- name: Prepare
hosts: all
gather_facts: no
become: yes
roles:
- robertdebock.bootstrap
- robertdebock.epel
Also see a full explanation and example on how to use these roles.
Role Variables
These variables are set in defaults/main.yml:
---
# defaults file for fail2ban
fail2ban_loglevel: INFO
fail2ban_logtarget: /var/log/fail2ban.log
fail2ban_ignoreself: "true"
fail2ban_ignoreips: "127.0.0.1/8 ::1"
fail2ban_bantime: 10m
fail2ban_findtime: 10m
fail2ban_maxretry: 5
fail2ban_destemail: root@localhost
fail2ban_sender: root@{{ ansible_fqdn}}
Requirements
- Access to a repository containing packages, likely on the internet.
- A recent version of Ansible. (Tests run on the current, previous and next release of Ansible.)
The following roles can be installed to ensure all requirements are met, using ansible-galaxy install -r requirements.yml:
---
- robertdebock.bootstrap
- robertdebock.epel
Context
This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.
Here is an overview of related roles:
Compatibility
This role has been tested against the following distributions and Ansible version:
| distribution | ansible 2.7 | ansible 2.8 | ansible devel |
|---|---|---|---|
| alpine-edge* | yes | yes | yes* |
| alpine-latest | yes | yes | yes* |
| archlinux | yes | yes | yes* |
| centos-6 | yes | yes | yes* |
| centos-latest | yes | yes | yes* |
| debian-stable | yes | yes | yes* |
| debian-unstable* | yes | yes | yes* |
| fedora-latest | yes | yes | yes* |
| fedora-rawhide* | yes | yes | yes* |
| opensuse-leap | yes | yes | yes* |
| ubuntu-devel* | yes | yes | yes* |
| ubuntu-latest | yes | yes | yes* |
| ubuntu-rolling | yes | yes | yes* |
A single star means the build may fail, it's marked as an experimental build.
Testing
Unit tests are done on every commit and periodically.
If you find issues, please register them in GitHub
To test this role locally please use Molecule:
pip install molecule
molecule test
To test on Amazon EC2, configure ~/.aws/credentials and set a region using export AWS_REGION=eu-central-1 before running molecule test --scenario-name ec2.
There are many specific scenarios available, please have a look in the molecule/ directory.
License
Apache-2.0