gitadmin
/
ansible-development-environment
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ansible-development-environ.../roles/robertdebock.fail2ban/README.md

183 lines
5.5 KiB
Markdown
Raw Blame History

# [fail2ban](#fail2ban)
Install and configure fail2ban on your system.
|Travis|GitHub|Quality|Downloads|Version|
|------|------|-------|---------|-------|
|[![travis](https://travis-ci.com/robertdebock/ansible-role-fail2ban.svg?branch=master)](https://travis-ci.com/robertdebock/ansible-role-fail2ban)|[![github](https://github.com/robertdebock/ansible-role-fail2ban/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-fail2ban/actions)|[![quality](https://img.shields.io/ansible/quality/22987)](https://galaxy.ansible.com/robertdebock/fail2ban)|[![downloads](https://img.shields.io/ansible/role/d/22987)](https://galaxy.ansible.com/robertdebock/fail2ban)|[![Version](https://img.shields.io/github/release/robertdebock/ansible-role-fail2ban.svg)](https://github.com/robertdebock/ansible-role-fail2ban/releases/)|
## [Example Playbook](#example-playbook)
This example is taken from `molecule/resources/converge.yml` and is tested on each push, pull request and release.
```yaml
---
- name: Converge
hosts: all
become: yes
gather_facts: yes
roles:
- role: robertdebock.fail2ban
```
The machine may need to be prepared using `molecule/resources/prepare.yml`:
```yaml
---
- name: Prepare
hosts: all
gather_facts: no
become: yes
roles:
- role: robertdebock.bootstrap
- role: robertdebock.epel
```
For verification `molecule/resources/verify.yml` runs after the role has been applied.
```yaml
---
- name: Verify
hosts: all
become: yes
gather_facts: no
tasks:
- name: check if connection still works
ping:
```
Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles.
## [Role Variables](#role-variables)
These variables are set in `defaults/main.yml`:
```yaml
---
# defaults file for fail2ban
fail2ban_loglevel: INFO
fail2ban_logtarget: /var/log/fail2ban.log
fail2ban_ignoreself: "true"
fail2ban_ignoreips: "127.0.0.1/8 ::1"
# In seconds
fail2ban_bantime: 600
fail2ban_findtime: 600
fail2ban_maxretry: 5
fail2ban_destemail: root@localhost
fail2ban_sender: root@{{ ansible_fqdn }}
fail2ban_configuration: []
# - option: loglevel
# value: "INFO"
# section: Definition
fail2ban_jail_configuration: []
# - option: ignoreself
# value: "true"
# section: DEFAULT
```
## [Requirements](#requirements)
- Access to a repository containing packages, likely on the internet.
- A recent version of Ansible. (Tests run on the current, previous and next release of Ansible.)
The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`:
```yaml
---
- robertdebock.bootstrap
- robertdebock.epel
```
## [Context](#context)
This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information.
Here is an overview of related roles:
![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/fail2ban.png "Dependency")
## [Compatibility](#compatibility)
This role has been tested on these [container images](https://hub.docker.com/u/robertdebock):
|container|tags|
|---------|----|
|amazon|2018.03|
|el|7, 8|
|debian|buster, bullseye|
|fedora|31, 32|
|opensuse|all|
|ubuntu|focal, bionic, xenial|
The minimum version of Ansible required is 2.8 but tests have been done to:
- The previous version, on version lower.
- The current version.
- The development version.
## [Exceptions](#exceptions)
Some variarations of the build matrix do not work. These are the variations and reasons why the build won't work:
| variation | reason |
|---------------------------|------------------------|
| alpine | Service `fail2ban' needs non existent service `logger' |
| amazonlinux:1 | file /etc/ethertypes conflicts between attempted installs of ebtables-2.0.10-16.amzn2.x86_64 and iptables-1.8.2-16.amzn2.0.1.x86_64 |
## [Testing](#testing)
[Unit tests](https://travis-ci.com/robertdebock/ansible-role-fail2ban) are done on every commit, pull request, release and periodically.
If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-fail2ban/issues)
Testing is done using [Tox](https://tox.readthedocs.io/en/latest/) and [Molecule](https://github.com/ansible/molecule):
[Tox](https://tox.readthedocs.io/en/latest/) tests multiple ansible versions.
[Molecule](https://github.com/ansible/molecule) tests multiple distributions.
To test using the defaults (any installed ansible version, namespace: `robertdebock`, image: `fedora`, tag: `latest`):
```
molecule test
# Or select a specific image:
image=ubuntu molecule test
# Or select a specific image and a specific tag:
image="debian" tag="stable" tox
```
Or you can test multiple versions of Ansible, and select images:
Tox allows multiple versions of Ansible to be tested. To run the default (namespace: `robertdebock`, image: `fedora`, tag: `latest`) tests:
```
tox
# To run CentOS (namespace: `robertdebock`, tag: `latest`)
image="centos" tox
# Or customize more:
image="debian" tag="stable" tox
```
## [License](#license)
Apache-2.0
## [Contributors](#contributors)
I'd like to thank everybody that made contributions to this repository. It motivates me, improves the code and is just fun to collaborate.
- [j8r](https://github.com/j8r)
- [rgevaert](https://github.com/rgevaert)
## [Author Information](#author-information)
[Robert de Bock](https://robertdebock.nl/)
Please consider [sponsoring me](https://github.com/sponsors/robertdebock).
Reference in New Issue View Git Blame Copy Permalink