---
# tasks file for fail2ban
# Pull in the tasks from assert.yml before anything is installed or changed.
# NOTE(review): presumably these validate the role's input variables; confirm
# against assert.yml, which is not shown here.
- name: include assert.yml
  include_tasks: assert.yml
# Install the packages listed in fail2ban_packages (set outside this file)
# through the generic package module.
- name: install fail2ban
  package:
    # `present` only ensures the package exists; an already-installed version
    # is not upgraded by this task.
    state: present
    name: "{{ fail2ban_packages }}"
# Write every {section, option, value} entry from the two configuration lists
# into the main fail2ban.conf, one ini_file call per entry.
# NOTE(review): this edits the packaged fail2ban.conf in place. fail2ban also
# reads fail2ban.local for local overrides; targeting that file would keep the
# settings apart from whatever a package upgrade replaces.
- name: configure fail2ban.conf
  ini_file:
    path: /etc/fail2ban/fail2ban.conf
    section: "{{ item.section }}"
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    # Owner read/write, group read, nothing for others. Owner and group are
    # not set by this task.
    mode: "0640"
  # The base list comes first in the concatenation, so for a repeated
  # section/option the entry from fail2ban_configuration is written last.
  loop: "{{ fail2ban_base_configuration + fail2ban_configuration }}"
  loop_control:
    # Print only the option name per iteration, not the whole item.
    label: "{{ item.option }}"
  # Changes reach the running daemon through this handler, which is defined
  # outside this file.
  notify:
    - restart fail2ban
# Write every {section, option, value} entry from the two jail lists into
# jail.local, one ini_file call per entry.
# Everything this role puts in jail.local comes from those two lists, which
# are defined outside this file; review them to know which jails and limits
# are actually applied on the host.
- name: configure jail.local
  ini_file:
    path: /etc/fail2ban/jail.local
    section: "{{ item.section }}"
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    # Owner read/write, group read, nothing for others. Owner and group are
    # not set by this task.
    mode: "0640"
  # The base list comes first in the concatenation, so for a repeated
  # section/option the entry from fail2ban_jail_configuration is written last.
  loop: "{{ fail2ban_base_jail_configuration + fail2ban_jail_configuration }}"
  loop_control:
    # Print only the option name per iteration, not the whole item.
    label: "{{ item.option }}"
  # Changes reach the running daemon through this handler, which is defined
  # outside this file.
  notify:
    - restart fail2ban
# Record whether /var/log/auth.log exists. The result is stored in
# fail2ban_auth and read by the "touch auth log file" task.
- name: stat auth log file
  stat:
    path: /var/log/auth.log
  register: fail2ban_auth
# Create an empty /var/log/auth.log when the preceding stat found none.
# NOTE(review): presumably this gives a jail whose logpath is auth.log a file
# to open. On a host where authentication events go only to the systemd
# journal, nothing is ever written here, so such a jail would run without
# seeing any failures; check the jail's backend and logpath on those hosts.
# NOTE(review): owner and group are not set, so the file gets the module's
# defaults; confirm the local syslog daemon can still write to it.
- name: touch auth log file
  file:
    path: /var/log/auth.log
    state: touch
    mode: "0640"
  # Both conditions must hold: the stat result is usable and reports that the
  # file is missing.
  when:
    - fail2ban_auth.stat.exists is defined
    - not fail2ban_auth.stat.exists
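# Make sure the service named by fail2ban_service (set outside this file) is
# running now and enabled at boot.
- name: start and enable fail2ban
  service:
    name: "{{ fail2ban_service }}"
    # `started` does not restart a service that is already running;
    # configuration changes take effect through the notified
    # "restart fail2ban" handler.
    state: started
    # Canonical boolean; `yes` is a YAML 1.1 truthy alias that linters flag.
    enabled: true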