fail2ban ansible playbook for ce7, ubuntu, and debian
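# vim: set ts=2 sw=2 expandtab syntax=yaml:
---
# Builds Fail2ban 0.9.4 from the upstream source archive, installs the
# systemd unit and configuration kept under /opt/xrepo/ansible, and enables
# the service. The tasks write under /opt, /etc and /lib/systemd and no
# `become` is set here, so the play presumably connects as root -- confirm.
- hosts: all
  tasks:
    # paths_include names the distribution-specific path file deployed below.
    - name: Configure vars (Debian)
      set_fact:
        paths_include: paths-debian.conf
      when: ansible_os_family in ["Debian", "Ubuntu"]

    - name: Configure vars (EL)
      set_fact:
        paths_include: paths-fedora.conf
      when: ansible_os_family in ["RedHat", "CentOS", "Fedora"]

    # Without this guard an unmatched OS family only fails later, with an
    # undefined-variable error in the paths task, after the build has run.
    - name: Stop on unsupported OS family
      fail:
        msg: "No Fail2ban paths file is defined for OS family {{ ansible_os_family }}"
      when: paths_include is not defined

    - name: Ensure /opt/src exists
      file:
        path: /opt/src
        state: directory
        # Quoted so YAML does not read the mode as an octal integer.
        mode: "0755"

    # NOTE(review): the archive is fetched over HTTPS but its content is not
    # verified, and setup.py from it is executed by the next task. unarchive
    # has no checksum option; to pin the release, download it first with
    # get_url and checksum=sha256:<PLACEHOLDER_EXPECTED_SHA256>, then
    # unarchive the local file.
    - name: Extract Fail2ban source
      unarchive:
        src: https://github.com/fail2ban/fail2ban/archive/0.9.4.tar.gz
        dest: /opt/src
        # Deprecated spelling of remote_src=true; kept as the author wrote it.
        copy: false

    # Runs on every play run; the command module cannot tell whether this
    # version is already installed.
    - name: Install Fail2ban
      command: python setup.py install
      args:
        chdir: /opt/src/fail2ban-0.9.4

    # Ownership and mode are set explicitly on the unit and config files so
    # they do not depend on the umask of the connecting user.
    - name: Create Fail2ban systemd service
      copy:
        src: /opt/xrepo/ansible/files/fail2ban.service
        dest: /lib/systemd/system/fail2ban.service
        owner: root
        group: root
        mode: "0644"
      notify: Restart Fail2ban

    - name: Configure Fail2ban jails
      template:
        src: /opt/xrepo/ansible/templates/jail.local.j2
        dest: /etc/fail2ban/jail.local
        owner: root
        group: root
        mode: "0644"
      notify: Restart Fail2ban

    - name: Configure Fail2ban paths
      copy:
        src: "/opt/xrepo/ansible/files/{{ paths_include }}"
        dest: "/etc/fail2ban/{{ paths_include }}"
        owner: root
        group: root
        mode: "0644"
      notify: Restart Fail2ban

    - name: Configure Fail2ban main config
      template:
        src: /opt/xrepo/ansible/templates/fail2ban.conf.j2
        dest: /etc/fail2ban/fail2ban.conf
        owner: root
        group: root
        mode: "0644"
      notify: Restart Fail2ban

    # state=touch updates the timestamps each run, so this task always
    # reports "changed".
    - name: Ensure logfile exists (for banhammer jail)
      file:
        path: /var/log/fail2ban.log
        state: touch
        mode: "0644"

    - name: Reload systemd
      command: systemctl daemon-reload

    - name: Ensure Fail2ban service is enabled and started
      service:
        name: fail2ban
        enabled: true
        state: started

  handlers:
    # state=started leaves an already-running daemon untouched, so changed
    # jails or settings would not be loaded on a re-run without this restart.
    - name: Restart Fail2ban
      service:
        name: fail2ban
        state: restarted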