Skip to content
Snippets Groups Projects

Install and configure fail2ban

Merged Install and configure fail2ban
atlurie/hpc-factory:feat-sshpiper-failtoban-plugin into feat-hpc-factory
Merged Eesaan Atluri requested to merge atlurie/hpc-factory:feat-sshpiper-failtoban-plugin into feat-hpc-factory
Viewing commit 28a835da
Next
Show latest version
3 files
+ 46
49
Compare changes
  • Side-by-side
  • Inline
Files
3
ansible/roles/fail2ban/tasks/main.yml 0 → 100644
+ 46
0
---
- name: Install fail2ban
ansible.builtin.package:
name: "{{ item }}"
state: present
loop:
- fail2ban
- fail2ban-firewalld
- name: Configure fail2ban
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
backup: true
loop:
- { src: 'jail.local.j2', dest: '/etc/fail2ban/jail.local' }
- { src: 'sshpiperd_filter.local.j2', dest: '/etc/fail2ban/filter.d/sshpiperd.local' }
- { src: 'sshpiperd_jail.local.j2', dest: '/etc/fail2ban/jail.d/sshpiperd.local' }
- name: Activate the firewalld support for fail2ban
ansible.builtin.command:
cmd: mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local
- name: Configure firewalld to allow ssh and sshpiper traffic
ansible.posix.firewalld:
port: "{{ item }}"
zone: public
state: enabled
permanent: true
loop:
- 2222/tcp
- 22/tcp
- name: Enable and start firewalld
ansible.builtin.service:
name: firewalld
enabled: true
state: restarted
- name: Enable and start fail2ban
ansible.builtin.service:
name: fail2ban
enabled: true
state: restarted