authorGravatar Joe Banks <[email protected]>2022-03-15 10:52:28 +0000
committerGravatar Joe Banks <[email protected]>2022-03-15 11:01:03 +0000
commit9476e0863211419dd2e6e10c637194ed0623b39e (patch)
treee986a5553ff317ae4a532be5197dc9be3d0d7351
parentRemove vim modelines (diff)
Install and configure fail2ban
-rw-r--r--playbook.yml1
-rw-r--r--roles/fail2ban/README.md3
-rw-r--r--roles/fail2ban/files/jail.local8
-rw-r--r--roles/fail2ban/handlers/main.yml6
-rw-r--r--roles/fail2ban/tasks/main.yml27
5 files changed, 45 insertions, 0 deletions
diff --git a/playbook.yml b/playbook.yml
index d7ca9bc..2a38748 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -6,6 +6,7 @@
- ufw
- prometheus-node-exporter
- wireguard
+ - fail2ban
- name: Deploy our monitoring stack
hosts: ritchie
diff --git a/roles/fail2ban/README.md b/roles/fail2ban/README.md
new file mode 100644
index 0000000..60bb3ac
--- /dev/null
+++ b/roles/fail2ban/README.md
@@ -0,0 +1,3 @@
+# Role "fail2ban"
+
+This role installs and configures fail2ban to all Python Discord hosts.
diff --git a/roles/fail2ban/files/jail.local b/roles/fail2ban/files/jail.local
new file mode 100644
index 0000000..a4a4d43
--- /dev/null
+++ b/roles/fail2ban/files/jail.local
@@ -0,0 +1,8 @@
+[DEFAULT]
+ignoreip = 127.0.0.1/8 ::1 123.123.123.123 192.168.1.0/24 10.0.0.0/8
+bantime = 24h
+maxretry = 3
+findtime = 2h
+
+[sshd]
+mode=aggressive
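Review bot: The `ignoreip` line in `[DEFAULT]` exempts `123.123.123.123`, a publicly routable address that reads like a sample value carried over from a template, together with all of `10.0.0.0/8` and `192.168.1.0/24`. Any client in those ranges can fail SSH authentication indefinitely without being banned. I would trim the list to loopback plus only the management or VPN ranges that are really needed, e.g. `ignoreip = 127.0.0.1/8 ::1 <admin-or-vpn-cidr-placeholder>`, with a comment saying why each entry is there. Separately, `[sshd]` sets only `mode=aggressive`, so whether the jail is active presumably depends on the distribution's packaged defaults; adding `enabled = true` under `[sshd]` would make that explicit.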
diff --git a/roles/fail2ban/handlers/main.yml b/roles/fail2ban/handlers/main.yml
new file mode 100644
index 0000000..fb6eccd
--- /dev/null
+++ b/roles/fail2ban/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: reload fail2ban
+ service:
+ name: fail2ban
+ state: reloaded
+ tags:
+ - role::fail2ban
diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml
new file mode 100644
index 0000000..a193de6
--- /dev/null
+++ b/roles/fail2ban/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Install fail2ban package
+ package:
+ name: fail2ban
+ state: present
+ tags:
+ - role::fail2ban
+
+- name: Copy fail2ban config
+ copy:
+ src: jail.local
+ dest: /etc/fail2ban/jail.local
+ owner: root
+ group: root
+ mode: 0644
+ tags:
+ - role::fail2ban
+ notify:
+ - reload fail2ban
+
+- name: Enable fail2ban service
+ service:
+ name: fail2ban
+ state: started
+ enabled: true
+ tags:
+ - role::fail2ban
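Review bot: `mode: 0644` in the "Copy fail2ban config" task is an unquoted YAML number, which gives the intended permission only because the leading zero makes it parse as octal. Writing it as `mode: "0644"` keeps the value a string, so the file cannot end up with unexpected permissions if the zero is later dropped in an edit. Since the role uses the generic `package` and `service` modules, a short comment such as `# jail.local overrides the packaged jail.conf; sshd jail settings live here` above the copy task would also help readers on hosts with different packaged defaults.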