# =========================================================================== # # __ ____ _ _____ __ # _________ / /__ / __/___ _(_) /__ \ / /_ ____ _____ # / ___/ __ \/ / _ \ / /_/ __ `/ / /__/ // __ \/ __ `/ __ \ # / / / /_/ / / __/ / __/ /_/ / / // __// /_/ / /_/ / / / / # /_/ \____/_/\___(_) /_/ \__,_/_/_//____/_.___/\__,_/_/ /_/ # # =========================================================================== # --- - name: Check installation of fail2ban package: name: fail2ban state: present - name: Check existence of fail2ban config file -- jail.local stat: path: /etc/fail2ban/jail.local register: stat_result - name: Backing up ancient fail2ban config file -- jail.local.backup shell: cp /etc/fail2ban/jail.local /etc/fail2ban/jail.local.backup when: stat_result.stat.exists - name: Copy fail2ban jail.local copy: src: jail.local dest: /etc/fail2ban/ owner: root group: root mode: "0644" - name: Copy fail2ban path-defaults.conf copy: src: jail.local dest: /etc/fail2ban/ owner: root group: root mode: "0644" - name: Copy fail2ban path-defaults.conf copy: src: jail.local dest: /etc/fail2ban/ owner: root group: root mode: "0644" - name: Copy fail2ban jail-sshd.conf copy: src: jail-sshd.conf dest: /etc/fail2ban/jail.d owner: root group: root mode: "0644" - name: Copy fail2ban jail-lighttpd.conf copy: src: jail-lighttpd.conf dest: /etc/fail2ban/jail.d owner: root group: root mode: "0644" when: inventory_hostname in groups["server-web"] - name: Restart fail2ban service systemd: name: fail2ban enabled: yes state: restarted