adrien/ansible-role-crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Change default ban time to 1 week
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details

Browse source
This commit is contained in:
Adrien Reslinger 2022-12-16 22:37:09 +01:00
parent 826c345aef
commit a3a23cf77e
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
2 changed files with 18 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
tasks/main.yml
View file

@ -65,11 +65,14 @@
- name: Deploy main config - name: Deploy main config
ansible.builtin.template: ansible.builtin.template:
src: etc/crowdsec/config.yaml.j2 src: "etc/crowdsec/{{ item }}.yaml.j2"
dest: /etc/crowdsec/config.yaml dest: "/etc/crowdsec/{{ item }}.yaml.local"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
with_items:
- "config"
- "profiles"
notify: restart crowdsec notify: restart crowdsec
- name: Deploy whitelist - name: Deploy whitelist

13
templates/etc/crowdsec/profiles.yaml.j2 Normal file
View file

@ -0,0 +1,13 @@
name: default_ip_remediation
#debug: true
filters:
- Alert.Remediation == true && Alert.GetScope() == "Ip"
decisions:
- type: ban
duration: 168h
# notifications:
# - slack_default # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
# - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
# - http_default # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
# - email_default # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
on_success: break