55 lines
1.2 KiB
YAML
55 lines
1.2 KiB
YAML
---
|
|
# tasks file for fail2ban
|
|
- name: install fail2ban
|
|
package:
|
|
name: "{{ fail2ban_packages }}"
|
|
state: present
|
|
register: fail2ban_install_fail2ban
|
|
until: fail2ban_install_fail2ban is succeeded
|
|
retries: 3
|
|
|
|
- name: configure fail2ban.conf
|
|
ini_file:
|
|
path: /etc/fail2ban/fail2ban.conf
|
|
section: "{{ item.section }}"
|
|
option: "{{ item.option }}"
|
|
value: "{{ item.value }}"
|
|
with_items:
|
|
- "{{ fail2ban_base_configuration + fail2ban_configuration }}"
|
|
notify:
|
|
- restart fail2ban
|
|
loop_control:
|
|
label: "{{ item.option }}"
|
|
|
|
- name: configure jail.conf
|
|
ini_file:
|
|
path: /etc/fail2ban/jail.conf
|
|
section: "{{ item.section }}"
|
|
option: "{{ item.option }}"
|
|
value: "{{ item.value }}"
|
|
with_items:
|
|
- "{{ fail2ban_base_jail_configuration + fail2ban_jail_configuration }}"
|
|
notify:
|
|
- restart fail2ban
|
|
loop_control:
|
|
label: "{{ item.option }}"
|
|
|
|
- name: stat auth log file
|
|
stat:
|
|
path: /var/log/auth.log
|
|
register: auth
|
|
|
|
- name: touch auth log file
|
|
file:
|
|
path: /var/log/auth.log
|
|
state: touch
|
|
when: auth.stat.exists is defined and not auth.stat.exists
|
|
|
|
- name: start and enable fail2ban
|
|
service:
|
|
name: "{{ item }}"
|
|
state: started
|
|
enabled: yes
|
|
with_items:
|
|
- "{{ fail2ban_service }}"
|