From c1fe8d9551e337031e5a5d62224779b389872ea3 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Thu, 30 Aug 2018 13:50:32 +0200
Subject: o Adjusting fail2ban.
---
.../knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf | 16 ++++++++++++++++
ansible/roles/knot-misc/handlers/fail2ban.yml | 4 ++++
ansible/roles/knot-misc/handlers/main.yml | 1 +
ansible/roles/knot-misc/tasks/fail2ban.yml | 11 +++++++++++
ansible/roles/knot-misc/tasks/main.yml | 3 +++
5 files changed, 35 insertions(+)
create mode 100644 ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf
create mode 100644 ansible/roles/knot-misc/handlers/fail2ban.yml
create mode 100644 ansible/roles/knot-misc/handlers/main.yml
create mode 100644 ansible/roles/knot-misc/tasks/fail2ban.yml
create mode 100644 ansible/roles/knot-misc/tasks/main.yml
(limited to 'ansible/roles')
diff --git a/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf b/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf
new file mode 100644
index 0000000..02f32b8
--- /dev/null
+++ b/ansible/roles/knot-misc/files/etc/fail2ban/jail.d/99-ansible.conf
@@ -0,0 +1,16 @@
+# Managed by Ansible
+
+[sshd]
+enabled = true
+maxretry = 3
+bantime = 12h
+
+[postfix]
+enabled = true
+maxretry = 3
+bantime = 12h
+
+[dovecot]
+enabled = true
+maxretry = 3
+bantime = 12h
diff --git a/ansible/roles/knot-misc/handlers/fail2ban.yml b/ansible/roles/knot-misc/handlers/fail2ban.yml
new file mode 100644
index 0000000..8340622
--- /dev/null
+++ b/ansible/roles/knot-misc/handlers/fail2ban.yml
@@ -0,0 +1,4 @@
+- name: restart fail2ban
+ service:
+ name: fail2ban
+ state: reloaded
diff --git a/ansible/roles/knot-misc/handlers/main.yml b/ansible/roles/knot-misc/handlers/main.yml
new file mode 100644
index 0000000..b4a5aca
--- /dev/null
+++ b/ansible/roles/knot-misc/handlers/main.yml
@@ -0,0 +1 @@
+- include: fail2ban.yml
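Review bot: In `99-ansible.conf` the `[sshd]` jail bans for 12 hours after three failures and no `ignoreip` is set, so an administrator or the Ansible control host that has a few failed logins in a row can lock itself out of the hosts it manages. A `[DEFAULT]` section with `ignoreip = 127.0.0.1/8 ::1 <management-cidr>` (placeholder for the real management range) avoids that. It is also worth confirming that the fail2ban version on every target host accepts the `12h` abbreviation; if any of them still expects seconds, `bantime = 43200` is the portable form.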
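Review bot: The handler in `handlers/fail2ban.yml` is named `restart fail2ban` but runs `state: reloaded`, so the name does not say what it does. Either rename it to `reload fail2ban` and update both `notify:` lines in `tasks/fail2ban.yml`, or use `state: restarted` if a full restart is what is wanted. A one-line comment above the handler saying why a reload is enough for jail changes would help the next reader.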
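Review bot: `- include: fail2ban.yml` in `handlers/main.yml` uses the bare `include` keyword, which Ansible deprecated in 2.4 in favour of the explicit import/include forms; the same applies to the `include: fail2ban.yml` task in `tasks/main.yml`. `- import_tasks: fail2ban.yml` is the static equivalent in both files, and in `tasks/main.yml` it keeps the `fail2ban` tag applying to the imported tasks.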
diff --git a/ansible/roles/knot-misc/tasks/fail2ban.yml b/ansible/roles/knot-misc/tasks/fail2ban.yml
new file mode 100644
index 0000000..49e1c57
--- /dev/null
+++ b/ansible/roles/knot-misc/tasks/fail2ban.yml
@@ -0,0 +1,11 @@
+- name: /etc/fail2ban/jail.local
+ notify: restart fail2ban
+ copy:
+ dest: /etc/fail2ban/jail.local
+ content: ""
+
+- name: /etc/fail2ban/jail.d/99-ansible.conf
+ notify: restart fail2ban
+ copy:
+ src: etc/fail2ban/jail.d/99-ansible.conf
+ dest: /etc/fail2ban/jail.d/99-ansible.conf
diff --git a/ansible/roles/knot-misc/tasks/main.yml b/ansible/roles/knot-misc/tasks/main.yml
new file mode 100644
index 0000000..94a1388
--- /dev/null
+++ b/ansible/roles/knot-misc/tasks/main.yml
@@ -0,0 +1,3 @@
+- name: fail2ban
+ tags: fail2ban
+ include: fail2ban.yml
-- cgit v1.2.3
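Review bot: Both `copy` tasks in `tasks/fail2ban.yml` leave owner, group and mode unset, so the permissions on the files that control banning depend on the umask and on whatever was there before; add `owner: root`, `group: root` and `mode: "0644"` to each. The first task also truncates `/etc/fail2ban/jail.local` unconditionally, which silently discards any local jail or `ignoreip` settings on hosts that had them; `backup: yes` would keep a copy. Nothing visible in this commit installs fail2ban or ensures the service is enabled and started, so if that is not done elsewhere the jails never take effect.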