59 lines
1.4 KiB
YAML
59 lines
1.4 KiB
YAML
---
|
|
# tasks file for fail2ban
|
|
|
|
- name: include assert.yml
|
|
import_tasks: assert.yml
|
|
run_once: yes
|
|
delegate_to: localhost
|
|
|
|
- name: install fail2ban
|
|
ansible.builtin.package:
|
|
name: "{{ fail2ban_packages }}"
|
|
state: present
|
|
|
|
- name: configure fail2ban.conf
|
|
community.general.ini_file:
|
|
path: /etc/fail2ban/fail2ban.conf
|
|
section: "{{ item.section }}"
|
|
option: "{{ item.option }}"
|
|
value: "{{ item.value }}"
|
|
mode: "0640"
|
|
loop: "{{ fail2ban_base_configuration + fail2ban_configuration }}"
|
|
notify:
|
|
- restart fail2ban
|
|
loop_control:
|
|
label: "{{ item.option }}"
|
|
|
|
- name: configure jail.local
|
|
community.general.ini_file:
|
|
path: /etc/fail2ban/jail.local
|
|
section: "{{ item.section }}"
|
|
option: "{{ item.option }}"
|
|
value: "{{ item.value }}"
|
|
mode: "0640"
|
|
loop: "{{ fail2ban_base_jail_configuration + fail2ban_jail_configuration }}"
|
|
notify:
|
|
- restart fail2ban
|
|
loop_control:
|
|
label: "{{ item.option }}"
|
|
|
|
- name: stat auth log file
|
|
ansible.builtin.stat:
|
|
path: /var/log/auth.log
|
|
register: fail2ban_auth
|
|
|
|
- name: touch auth log file
|
|
ansible.builtin.file:
|
|
path: /var/log/auth.log
|
|
state: touch
|
|
mode: "0640"
|
|
when:
|
|
- fail2ban_auth.stat.exists is defined
|
|
- not fail2ban_auth.stat.exists
|
|
|
|
- name: start and enable fail2ban
|
|
ansible.builtin.service:
|
|
name: "{{ fail2ban_service }}"
|
|
state: started
|
|
enabled: yes
|