From 68c01a04cd6268c1dee66678c258cd4c240d5bb1 Mon Sep 17 00:00:00 2001 From: binary Date: Tue, 30 Jun 2020 19:24:22 +0200 Subject: Cleanup for public release --- roles/setup_fail2ban/tasks/main.yml | 72 +++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 roles/setup_fail2ban/tasks/main.yml (limited to 'roles/setup_fail2ban') diff --git a/roles/setup_fail2ban/tasks/main.yml b/roles/setup_fail2ban/tasks/main.yml new file mode 100644 index 0000000..b0edb6e --- /dev/null +++ b/roles/setup_fail2ban/tasks/main.yml @@ -0,0 +1,72 @@ + +# =========================================================================== # +# __ ____ _ _____ __ +# _________ / /__ / __/___ _(_) /__ \ / /_ ____ _____ +# / ___/ __ \/ / _ \ / /_/ __ `/ / /__/ // __ \/ __ `/ __ \ +# / / / /_/ / / __/ / __/ /_/ / / // __// /_/ / /_/ / / / / +# /_/ \____/_/\___(_) /_/ \__,_/_/_//____/_.___/\__,_/_/ /_/ +# +# =========================================================================== # + +--- +- name: Check installation of fail2ban + package: + name: fail2ban + state: present + +- name: Check existence of fail2ban config file -- jail.local + stat: + path: /etc/fail2ban/jail.local + register: stat_result + +- name: Backing up ancient fail2ban config file -- jail.local.backup + shell: cp /etc/fail2ban/jail.local /etc/fail2ban/jail.local.backup + when: stat_result.stat.exists + +- name: Copy fail2ban :: jail.local + copy: + src: jail.local + dest: /etc/fail2ban/ + owner: root + group: root + mode: "0644" + +- name: Copy fail2ban :: path-defaults.conf + copy: + src: jail.local + dest: /etc/fail2ban/ + owner: root + group: root + mode: "0644" + +- name: Copy fail2ban :: path-defaults.conf + copy: + src: jail.local + dest: /etc/fail2ban/ + owner: root + group: root + mode: "0644" + +- name: Copy fail2ban :: jail-sshd.conf + copy: + src: jail-sshd.conf + dest: /etc/fail2ban/jail.d + owner: root + group: root + mode: "0644" + +- name: Copy fail2ban :: jail-lighttpd.conf + copy: + src: jail-lighttpd.conf + dest: /etc/fail2ban/jail.d + owner: root + group: root + mode: "0644" + when: inventory_hostname in groups["server-web"] + + +- name: Restart fail2ban service + systemd: + name: fail2ban + enabled: yes + state: restarted -- cgit v1.2.3