o Adjusting fail2ban.

5 files changed, 35 insertions, 0 deletions

diff --git a/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf b/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf
new file mode 100644
index 0000000..02f32b8
--- /dev/null
+++ b/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf
@@ -0,0 +1,16 @@
+# Managed by Ansible
+
+[sshd]
+enabled = true
+maxretry = 3
+bantime = 12h
+
+[postfix]
+enabled = true
+maxretry = 3
+bantime = 12h
+
+[dovecot]
+enabled = true
+maxretry = 3
+bantime = 12h
diff --git a/ansible/roles/knot-misc/handlers/fail2ban.yml b/ansible/roles/knot-misc/handlers/fail2ban.yml
new file mode 100644
index 0000000..8340622
--- /dev/null
+++ b/ansible/roles/knot-misc/handlers/fail2ban.yml
@@ -0,0 +1,4 @@
+- name: restart fail2ban 
+  service:
+    name: fail2ban
+    state: reloaded
diff --git a/ansible/roles/knot-misc/handlers/main.yml b/ansible/roles/knot-misc/handlers/main.yml
new file mode 100644
index 0000000..b4a5aca
--- /dev/null
+++ b/ansible/roles/knot-misc/handlers/main.yml
@@ -0,0 +1 @@
+- include: fail2ban.yml
diff --git a/ansible/roles/knot-misc/tasks/fail2ban.yml b/ansible/roles/knot-misc/tasks/fail2ban.yml
new file mode 100644
index 0000000..49e1c57
--- /dev/null
+++ b/ansible/roles/knot-misc/tasks/fail2ban.yml
@@ -0,0 +1,11 @@
+- name: /etc/fail2ban/jail.local
+  notify: restart fail2ban
+  copy:
+    dest: /etc/fail2ban/jail.local
+    content: ""
+
+- name: /etc/fail2ban/jail.d/99-ansible.conf
+  notify: restart fail2ban
+  copy:
+    src: etc/fail2ban/jail.d/99-ansible.conf
+    dest: /etc/fail2ban/jail.d/99-ansible.conf
diff --git a/ansible/roles/knot-misc/tasks/main.yml b/ansible/roles/knot-misc/tasks/main.yml
new file mode 100644
index 0000000..94a1388
--- /dev/null
+++ b/ansible/roles/knot-misc/tasks/main.yml
@@ -0,0 +1,3 @@
+- name: fail2ban
+  tags: fail2ban
+  include: fail2ban.yml