123 lines
4.4 KiB
Markdown
123 lines
4.4 KiB
Markdown
# [fail2ban](#fail2ban)
|
|
|
|
Install and configure fail2ban on your system.
|
|
|
|
|GitHub|GitLab|Quality|Downloads|Version|
|
|
|------|------|-------|---------|-------|
|
|
|[](https://github.com/robertdebock/ansible-role-fail2ban/actions)|[](https://gitlab.com/robertdebock/ansible-role-fail2ban)|[](https://galaxy.ansible.com/robertdebock/fail2ban)|[](https://galaxy.ansible.com/robertdebock/fail2ban)|[](https://github.com/robertdebock/ansible-role-fail2ban/releases/)|
|
|
|
|
## [Example Playbook](#example-playbook)
|
|
|
|
This example is taken from `molecule/default/converge.yml` and is tested on each push, pull request and release.
|
|
```yaml
|
|
---
|
|
- name: Converge
|
|
hosts: all
|
|
become: yes
|
|
gather_facts: yes
|
|
|
|
roles:
|
|
- role: robertdebock.fail2ban
|
|
```
|
|
|
|
The machine needs to be prepared. In CI this is done using `molecule/default/prepare.yml`:
|
|
```yaml
|
|
---
|
|
- name: Prepare
|
|
hosts: all
|
|
gather_facts: no
|
|
become: yes
|
|
|
|
roles:
|
|
- role: robertdebock.bootstrap
|
|
- role: robertdebock.epel
|
|
```
|
|
|
|
Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles.
|
|
|
|
## [Role Variables](#role-variables)
|
|
|
|
The default values for the variables are set in `defaults/main.yml`:
|
|
```yaml
|
|
---
|
|
# defaults file for fail2ban
|
|
|
|
fail2ban_loglevel: INFO
|
|
fail2ban_logtarget: /var/log/fail2ban.log
|
|
|
|
fail2ban_ignoreself: "true"
|
|
fail2ban_ignoreips: "127.0.0.1/8 ::1"
|
|
|
|
# In seconds
|
|
fail2ban_bantime: 600
|
|
fail2ban_findtime: 600
|
|
|
|
fail2ban_maxretry: 5
|
|
fail2ban_destemail: root@localhost
|
|
fail2ban_sender: root@{{ ansible_fqdn }}
|
|
|
|
fail2ban_configuration: []
|
|
# - option: loglevel
|
|
# value: "INFO"
|
|
# section: Definition
|
|
|
|
fail2ban_jail_configuration: []
|
|
# - option: ignoreself
|
|
# value: "true"
|
|
# section: DEFAULT
|
|
|
|
# Path to directory containing filters to copy in filter.d
|
|
# fail2ban_filterd_path:
|
|
```
|
|
|
|
## [Requirements](#requirements)
|
|
|
|
- pip packages listed in [requirements.txt](https://github.com/robertdebock/ansible-role-fail2ban/blob/master/requirements.txt).
|
|
|
|
## [Status of used roles](#status-of-requirements)
|
|
|
|
The following roles are used to prepare a system. You can prepare your system in another way.
|
|
|
|
| Requirement | GitHub | GitLab |
|
|
|-------------|--------|--------|
|
|
|[robertdebock.bootstrap](https://galaxy.ansible.com/robertdebock/bootstrap)|[](https://github.com/robertdebock/ansible-role-bootstrap/actions)|[](https://gitlab.com/robertdebock/ansible-role-bootstrap)|
|
|
|[robertdebock.epel](https://galaxy.ansible.com/robertdebock/epel)|[](https://github.com/robertdebock/ansible-role-epel/actions)|[](https://gitlab.com/robertdebock/ansible-role-epel)|
|
|
|
|
## [Context](#context)
|
|
|
|
This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information.
|
|
|
|
Here is an overview of related roles:
|
|
|
|
|
|
## [Compatibility](#compatibility)
|
|
|
|
This role has been tested on these [container images](https://hub.docker.com/u/robertdebock):
|
|
|
|
|container|tags|
|
|
|---------|----|
|
|
|amazon|Candidate|
|
|
|el|8|
|
|
|debian|all|
|
|
|fedora|all|
|
|
|ubuntu|all|
|
|
|
|
The minimum version of Ansible required is 2.10, tests have been done to:
|
|
|
|
- The previous version.
|
|
- The current version.
|
|
- The development version.
|
|
|
|
|
|
If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-fail2ban/issues)
|
|
|
|
## [License](#license)
|
|
|
|
Apache-2.0
|
|
|
|
## [Author Information](#author-information)
|
|
|
|
[Robert de Bock](https://robertdebock.nl/)
|
|
|
|
Please consider [sponsoring me](https://github.com/sponsors/robertdebock).
|