From bacb1b092f53bba40aa28486a90d81dee441fb15 Mon Sep 17 00:00:00 2001 From: Alex Date: Wed, 3 Jun 2020 14:34:06 +0200 Subject: [PATCH] Initial commit --- tasks/main.yml | 7 ++++++ templates/fail2ban.local.j2 | 45 +++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 tasks/main.yml create mode 100644 templates/fail2ban.local.j2 diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..33f5568 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,7 @@ +- name: Copy configuration file + template: + src: 'fail2ban.local.j2' + dest: '/etc/fail2ban/fail2ban.d/sshban.local' + notify: Run service actions + tags: + - fail2ban diff --git a/templates/fail2ban.local.j2 b/templates/fail2ban.local.j2 new file mode 100644 index 0000000..56d0235 --- /dev/null +++ b/templates/fail2ban.local.j2 @@ -0,0 +1,45 @@ +[INCLUDES] +before = paths-debian.conf + +[DEFAULT] +ignorecommand = +bantime = 1h +findtime = 10m +maxretry = 5 +backend = auto +usedns = warn +logencoding = auto +enabled = false +mode = normal +filter = %(__name__)s[mode=%(mode)s] + +protocol = tcp +chain = +port = 0:65535 +fail2ban_agent = Fail2Ban/%(fail2ban_version)s +banaction = iptables-multiport +banaction_allports = iptables-allports +action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] +action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s", agent="%(fail2ban_agent)s"] +action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", agent="%(fail2ban_agent)s"] +action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"] +action_abuseipdb = abuseipdb +action = %(action_)s + +[sshd] +port = ssh +logpath = %(sshd_log)s +backend = %(sshd_backend)s +enabled = true + +[dropbear] + +port = ssh +logpath = %(dropbear_log)s +backend = %(dropbear_backend)s + + +[selinux-ssh] + +port = ssh +logpath = %(auditd_log)s