Initial commit

This commit is contained in:
Alex 2020-06-03 14:34:06 +02:00
commit bacb1b092f
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
2 changed files with 52 additions and 0 deletions

7
tasks/main.yml Normal file
View File

@ -0,0 +1,7 @@
- name: Copy configuration file
template:
src: 'fail2ban.local.j2'
dest: '/etc/fail2ban/fail2ban.d/sshban.local'
notify: Run service actions
tags:
- fail2ban

View File

@ -0,0 +1,45 @@
[INCLUDES]
before = paths-debian.conf
[DEFAULT]
ignorecommand =
bantime = 1h
findtime = 10m
maxretry = 5
backend = auto
usedns = warn
logencoding = auto
enabled = false
mode = normal
filter = %(__name__)s[mode=%(mode)s]
protocol = tcp
chain = <known/chain>
port = 0:65535
fail2ban_agent = Fail2Ban/%(fail2ban_version)s
banaction = iptables-multiport
banaction_allports = iptables-allports
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"]
action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"]
action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
action_abuseipdb = abuseipdb
action = %(action_)s
[sshd]
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
enabled = true
[dropbear]
port = ssh
logpath = %(dropbear_log)s
backend = %(dropbear_backend)s
[selinux-ssh]
port = ssh
logpath = %(auditd_log)s