imfreedom/email-ansible
Clone
Summary
Browse
Changes
Graph
Enable fail2ban
draft
2020-10-09, Richard Laager
50c119032b12
Enable fail2ban
-
name
:
set password hashing rounds
replace
:
path
:
/etc/pam.d/common-password
regexp
:
(pam_unix.so .*sha512)( rounds=[0-9]+)?
replace
:
'\1
rounds={{
common_sha512_crypt_rounds
}}'
tags
:
-
pam
-
name
:
set root password
user
:
name
:
root
password
:
"{{
common_root_password_hash
}}"
tags
:
-
user
-
name
:
set root's .ssh/authorized_keys
authorized_key
:
user
:
root
path
:
"/root/.ssh/authorized_keys"
key
:
"{{
common_root_ssh_keys
}}"
exclusive
:
yes
tags
:
-
ssh
-
ssh_key
-
name
:
install ufw.conf
copy
:
src
:
ufw.conf
dest
:
/etc/fail2ban/action.d/
notify
:
-
restart fail2ban
tags
:
-
fail2ban
-
name
:
install fail2ban jail defaults
template
:
src
:
defaults.conf.j2
dest
:
/etc/fail2ban/jail.d/defaults.conf
mode
:
0644
notify
:
-
restart fail2ban
tags
:
-
fail2ban
-
name
:
install fail2ban ssh jail
copy
:
src
:
sshd.conf
dest
:
/etc/fail2ban/jail.d/
notify
:
-
restart fail2ban
tags
:
-
fail2ban
-
name
:
enable fail2ban service
systemd
:
name
:
fail2ban
enabled
:
yes
notify
:
-
restart fail2ban
tags
:
-
fail2ban
