authorTrygve Laugstøl <trygvis@inamo.no>2018-08-30 13:50:32 +0200
committerTrygve Laugstøl <trygvis@inamo.no>2018-08-30 13:53:34 +0200
commitc1fe8d9551e337031e5a5d62224779b389872ea3 (patch)
treee1fd59f207a6384d30ed8b77b98ad0c1c54c6718 /ansible/roles
parent1dbf3a806335ac88d011355391a1d431cfd26f4c (diff)
o Adjusting fail2ban.
Diffstat (limited to 'ansible/roles')
-rw-r--r--ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf16
-rw-r--r--ansible/roles/knot-misc/handlers/fail2ban.yml4
-rw-r--r--ansible/roles/knot-misc/handlers/main.yml1
-rw-r--r--ansible/roles/knot-misc/tasks/fail2ban.yml11
-rw-r--r--ansible/roles/knot-misc/tasks/main.yml3
5 files changed, 35 insertions, 0 deletions
diff --git a/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf b/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf
new file mode 100644
index 0000000..02f32b8
--- /dev/null
+++ b/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf
@@ -0,0 +1,16 @@
+# Managed by Ansible
+
+[sshd]
+enabled = true
+maxretry = 3
+bantime = 12h
+
+[postfix]
+enabled = true
+maxretry = 3
+bantime = 12h
+
+[dovecot]
+enabled = true
+maxretry = 3
+bantime = 12h
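Review bot: All three jails ban for twelve hours after three failures, but nothing in this file sets `ignoreip`, so a few mistyped passwords or a misconfigured mail client on an administrator's or monitoring host locks that address out of SSH and mail for half a day. Since the same commit also writes an empty jail.local, any exemption kept there is removed as well. Consider a `[DEFAULT]` section with `ignoreip = 127.0.0.1/8 ::1 <MGMT_CIDR_PLACEHOLDER>`, and set `findtime` explicitly so the counting window for `maxretry = 3` is visible here rather than inherited from the distribution's jail.conf. A one-line comment on why 12h was chosen would help the next person who tunes it.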
diff --git a/ansible/roles/knot-misc/handlers/fail2ban.yml b/ansible/roles/knot-misc/handlers/fail2ban.yml
new file mode 100644
index 0000000..8340622
--- /dev/null
+++ b/ansible/roles/knot-misc/handlers/fail2ban.yml
@@ -0,0 +1,4 @@
+- name: restart fail2ban
+ service:
+ name: fail2ban
+ state: reloaded
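Review bot: The handler is named `restart fail2ban` but runs `state: reloaded`, so the name misstates what happens when it is notified. A reload is probably the right action for a jail.d change, since it re-reads the jails without stopping the service. Rename it to `- name: reload fail2ban` and update the two `notify:` lines in tasks/fail2ban.yml to match. If a full restart really is intended, change the state to `restarted` instead.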
diff --git a/ansible/roles/knot-misc/handlers/main.yml b/ansible/roles/knot-misc/handlers/main.yml
new file mode 100644
index 0000000..b4a5aca
--- /dev/null
+++ b/ansible/roles/knot-misc/handlers/main.yml
@@ -0,0 +1 @@
+- include: fail2ban.yml
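Review bot: Bare `include` has been deprecated since Ansible 2.4, and handlers pulled in that way are a known source of handlers that cannot be notified by name. Use a static import here, `- import_tasks: fail2ban.yml`, so `restart fail2ban` is always resolvable from the tasks. The same applies to `include: fail2ban.yml` in tasks/main.yml, where `import_tasks: fail2ban.yml` still passes the `fail2ban` tag down to the imported tasks.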
diff --git a/ansible/roles/knot-misc/tasks/fail2ban.yml b/ansible/roles/knot-misc/tasks/fail2ban.yml
new file mode 100644
index 0000000..49e1c57
--- /dev/null
+++ b/ansible/roles/knot-misc/tasks/fail2ban.yml
@@ -0,0 +1,11 @@
+- name: /etc/fail2ban/jail.local
+ notify: restart fail2ban
+ copy:
+ dest: /etc/fail2ban/jail.local
+ content: ""
+
+- name: /etc/fail2ban/jail.d/99-ansible.conf
+ notify: restart fail2ban
+ copy:
+ src: etc/fail2ban/jail.d/99-ansible.conf
+ dest: /etc/fail2ban/jail.d/99-ansible.conf
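Review bot: Neither `copy` task sets ownership or permissions, so the files that decide which addresses get banned keep whatever mode an existing file has or the remote umask gives a new one; add `owner: root`, `group: root` and `mode: "0644"` to both. The first task also truncates `/etc/fail2ban/jail.local` on every host with no backup, silently discarding any locally defined jails or ignore lists. Adding `backup: yes`, or a comment stating that jail.local is emptied on purpose, would make that safer to roll out. Nothing in this file ensures fail2ban is installed, enabled and started, so unless that is done elsewhere in the role, the reload handler may fail or the jails may never be enforced.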
diff --git a/ansible/roles/knot-misc/tasks/main.yml b/ansible/roles/knot-misc/tasks/main.yml
new file mode 100644
index 0000000..94a1388
--- /dev/null
+++ b/ansible/roles/knot-misc/tasks/main.yml
@@ -0,0 +1,3 @@
+- name: fail2ban
+ tags: fail2ban
+ include: fail2ban.yml