Externalize role
commit
71f6942e4b
6 changed files with 77 additions and 0 deletions
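--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+fail2ban_ssh: true
+fail2ban_bantime: 172800
+fail2ban_findtime: 3600
+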
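Review bot: The two timing defaults carry no unit or rationale, and the optional `fail2ban_email` that templates/etc/fail2ban/jail.local.j2 reads is not mentioned here at all. I would add `# seconds a host stays banned (172800 = 48 h)` above `fail2ban_bantime` and `# seconds; window in which failures are counted` above `fail2ban_findtime`. A commented-out line such as `# fail2ban_email: admin@example.org` (constructed address) would make that variable discoverable without defining it, which matters because the template branches on `is defined`.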
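--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Restart fail2ban
+service: name=fail2ban state=restarted
+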
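Review bot: The handler passes its module arguments as a single `key=value` string (`service: name=fail2ban state=restarted`), and every task in tasks/main.yml uses the same form. Native YAML arguments are easier to lint and diff and avoid quoting surprises around templated values such as `dest="/{{ item }}"`; here that means `service:` followed by indented `name: fail2ban` and `state: restarted`. When converting the tasks, quote the file modes (`mode: "0640"`, `mode: "0644"`), because an unquoted leading-zero number in YAML is read as an integer rather than the octal string the module expects.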
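--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Install packages for fail2ban
+package: name="{{ fail2ban_packages }}" state=latest update_cache=yes
+
+- name: Test if paths overrides file exist
+stat: path=/etc/fail2ban/paths-overrides.local
+register: pathsoverrides
+
+- name: Touch the standard log file
+file: path=/etc/fail2ban/paths-overrides.local state=touch owner=root group=root mode=0640
+when:
+- not pathsoverrides.stat.exists
+
+- name: Install fail2ban configuration files
+template: src="{{ item }}.j2" dest="/{{ item }}" owner=root group=root mode=0644
+with_items:
+- etc/fail2ban/jail.local
+- etc/fail2ban/jail.d/02-services.conf
+notify: Restart fail2ban
+
+- name: Enable fail2ban services
+service: name="fail2ban" enabled=yes
+
+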
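Review bot: The last task enables fail2ban at boot but never asserts that it is running, so a host whose templates are already up to date (no handler fires) can finish the play with the service stopped and no ban protection; `service: name="fail2ban" enabled=yes state=started` closes that gap. The install task uses `state=latest`, which upgrades the packages on every run outside any change review and makes the play non-idempotent; `state=present` is the safer default for a security control. The task named "Touch the standard log file" actually creates `/etc/fail2ban/paths-overrides.local`, a configuration override rather than a log file, so the name should say that.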
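--- a/templates/etc/fail2ban/jail.d/02-services.conf.j2
+++ b/templates/etc/fail2ban/jail.d/02-services.conf.j2
@@ -0,0 +1,5 @@
+{% if fail2ban_ssh %}
+[sshd]
+enabled = true
+{% endif %}
+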
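Review bot: `{% if fail2ban_ssh %}` tests the raw value, so a string such as `false` passed with `-e fail2ban_ssh=false` is truthy and the sshd jail is still written. Use `{% if fail2ban_ssh | bool %}` so the toggle behaves the same whether the variable arrives as a boolean or as a string. The jail sets only `enabled`, so port and log path come from the packaged defaults; a short comment saying so would help anyone running sshd on a non-default port.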
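--- a/templates/etc/fail2ban/jail.local.j2
+++ b/templates/etc/fail2ban/jail.local.j2
@@ -0,0 +1,27 @@
+[DEFAULT]
+# "bantime" is the number of seconds that a host is banned.
+bantime = {{ fail2ban_bantime }}
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+findtime = {{ fail2ban_findtime }}
+
+# Destination email address used solely for the interpolations in
+# jail.{conf,local,d/*} configuration files.
+{% if fail2ban_email is defined %}
+destemail = {{ fail2ban_email }}
+{% else %}
+#destemail =
+{% endif %}
+
+# Sender email address used solely for some actions
+sender = root@localhost
+
+# Select mail mta instead of sendmail
+mta = mail
+
+# Choose default action. To change, just override value of 'action' with the
+# interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
+# globally (section [DEFAULT]) or per specific section
+action = %(action_mw)s
+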
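Review bot: The comment above `findtime` refers to "maxretry", but the template never sets it, so the ban threshold is whatever the distribution's jail.conf ships. I would add `maxretry = {{ fail2ban_maxretry }}` with a default in defaults/main.yml so the three values that define the ban policy are managed together. With `action = %(action_mw)s` and `fail2ban_email` undefined, `destemail` stays commented out and ban mails presumably go to the packaged default recipient; consider selecting a non-mailing action in that branch. There is also no `ignoreip` entry, so with the 48-hour default ban an administrator's own address can be locked out after a few failed logins; a templated allowlist would address that.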
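--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -0,0 +1,9 @@
+---
+fail2ban_packages:
+- fail2ban
+- fail2ban-firewalld
+- fail2ban-mail
+- fail2ban-hostsdeny
+- fail2ban-sendmail
+- fail2ban-server
+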
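Review bot: `fail2ban-firewalld` is installed here, but nothing in tasks/main.yml checks that firewalld itself is installed and running. As far as I know that subpackage switches the default ban action to firewalld, so on a host without an active firewalld the bans may be logged but never enforced; please confirm and either add a firewalld check or make the package optional. This is also the only vars file the commit adds, so the `include_vars: "{{ ansible_os_family }}.yml"` task will fail on any other OS family unless the role is meant to be RedHat-only, in which case a comment or an explicit assertion should say so.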