Diffstat (limited to 'roles/setup_fail2ban')
-rw-r--r--roles/setup_fail2ban/tasks/main.yml72
1 files changed, 72 insertions, 0 deletions
diff --git a/roles/setup_fail2ban/tasks/main.yml b/roles/setup_fail2ban/tasks/main.yml
new file mode 100644
index 0000000..b0edb6e
--- /dev/null
+++ b/roles/setup_fail2ban/tasks/main.yml
@@ -0,0 +1,72 @@
+
+# =========================================================================== #
+# __ ____ _ _____ __
+# _________ / /__ / __/___ _(_) /__ \ / /_ ____ _____
+# / ___/ __ \/ / _ \ / /_/ __ `/ / /__/ // __ \/ __ `/ __ \
+# / / / /_/ / / __/ / __/ /_/ / / // __// /_/ / /_/ / / / /
+# /_/ \____/_/\___(_) /_/ \__,_/_/_//____/_.___/\__,_/_/ /_/
+#
+# =========================================================================== #
+
+---
+- name: Check installation of fail2ban
+ package:
+ name: fail2ban
+ state: present
+
+- name: Check existence of fail2ban config file -- jail.local
+ stat:
+ path: /etc/fail2ban/jail.local
+ register: stat_result
+
+- name: Backing up ancient fail2ban config file -- jail.local.backup
+ shell: cp /etc/fail2ban/jail.local /etc/fail2ban/jail.local.backup
+ when: stat_result.stat.exists
+
+- name: Copy fail2ban :: jail.local
+ copy:
+ src: jail.local
+ dest: /etc/fail2ban/
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Copy fail2ban :: path-defaults.conf
+ copy:
+ src: jail.local
+ dest: /etc/fail2ban/
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Copy fail2ban :: path-defaults.conf
+ copy:
+ src: jail.local
+ dest: /etc/fail2ban/
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Copy fail2ban :: jail-sshd.conf
+ copy:
+ src: jail-sshd.conf
+ dest: /etc/fail2ban/jail.d
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Copy fail2ban :: jail-lighttpd.conf
+ copy:
+ src: jail-lighttpd.conf
+ dest: /etc/fail2ban/jail.d
+ owner: root
+ group: root
+ mode: "0644"
+ when: inventory_hostname in groups["server-web"]
+
+
+- name: Restart fail2ban service
+ systemd:
+ name: fail2ban
+ enabled: yes
+ state: restarted
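Review bot: The two tasks named `Copy fail2ban :: path-defaults.conf` both use `src: jail.local`, so they only repeat the jail.local copy and the file their name refers to is never deployed; point `src` at the intended file or drop the duplicates. The `shell: cp` backup runs on every play, so from the second run on it overwrites jail.local.backup with the role's own file and the original configuration is lost; `backup: true` on the copy task keeps a timestamped copy only when the content changes. The last task restarts fail2ban unconditionally and without checking the new files, so a broken jail definition can leave the host with no banning at all until someone notices. Testing the configuration first, for example with `fail2ban-client -t` where the installed version supports it, makes the play fail before the restart instead.

```yaml
- name: Copy fail2ban :: jail.local
  copy:
    # … unchanged: src, dest, owner, group, mode …
    backup: true  # replaces the separate stat + shell cp tasks

# … unchanged: jail.d copies for sshd and lighttpd …

- name: Validate fail2ban configuration before restarting
  command: fail2ban-client -t
  changed_when: false

- name: Restart fail2ban service
  systemd:
    name: fail2ban
    enabled: true
    state: restarted
```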