klips/ansible/roles/fail2ban
Shaun Reed b5a97de9ff Add fail2ban playbook for updating jails remotely
+ Can be used for a single host or a group of hosts
+ Update nginx-nobinary jail regex
2021-07-21 14:52:33 +00:00
defaults Add README for fail2ban 2021-05-21 14:09:34 -04:00
files/fail2ban Add fail2ban playbook for updating jails remotely 2021-07-21 14:52:33 +00:00
handlers Add fail2ban role for ansible 2020-04-19 23:30:19 +00:00
meta Add fail2ban role for ansible 2020-04-19 23:30:19 +00:00
tasks Update to more recent Ansible roles 2020-11-25 11:38:20 +00:00
vars Add fail2ban role for ansible 2020-04-19 23:30:19 +00:00
README.md Add README for fail2ban 2021-05-21 14:09:34 -04:00

README.md

Fail2ban

An Ansible role for installing fail2ban with basic configuration options.

Role Variables

packages: [fail2ban]

  • A list of packages to install on the server

ssh_port: 22

  • The port where SSH is running on the remote server

relay_host: "[sub.domain.com]:777"
sender_email: "senderemail@domain.com"

  • The relay to route mail through, and a corresponding email to send as

email: "email@domain.com"

  • The email address to send alerts to when an IP is banned or jailed

nginx_botsearch: "true"
nginx_http_auth: "true"
nginx_nobinary: "true"
nginx_nohome: "true"
nginx_noproxy: "true"
nginx_wplogin: "true"
nginx_noscan: "true"
nginx_noenv: "true"
nginx_noscript: "true"
sshd: "true"
sshd_badproto: "true"

  • Each of these variables names an existing fail2ban filter, with a corresponding bool to enable or disable it.

Dependencies

Requires that postfix is configured to send email alerts on behalf of the sender_email address.

Example Playbook

First, make sure all settings within defaults/main.yml are correct for your server. All settings and their purposes are outlined in the section above.

Create a new ansible play. You can name it whatever you want, but this example play will simply be named fail2ban.yml.

---
- hosts: testserver
  become: yes
  roles:
  - fail2ban

Make sure the IP for testserver is correct in the /etc/ansible/hosts file:

[testserver]
123.123.123.123:22

Run the play!

ansible-playbook fail2ban.yml
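
After the play has run, it is worth confirming that every jail enabled in defaults/main.yml is actually loaded on the host. The script below is an added example, not part of this role: it compares the enabled role variables against the "Jail list" line of `fail2ban-client status`. It assumes each jail is named after its variable with underscores replaced by hyphens (as with nginx-nobinary); the sample variables and status text are constructed.

```shell
#!/bin/sh
# Added example (not part of the role): report enabled jails that are not loaded.

# Constructed sample of role variables, in the form used in the README.
SAMPLE_VARS='ssh_port: 22
nginx_botsearch: "true"
nginx_nobinary: "true"
nginx_noscan: "true"
nginx_wplogin: "false"
sshd: "true"'

# Constructed sample of `fail2ban-client status` output.
SAMPLE_STATUS='Status
|- Number of jail: 3
`- Jail list: nginx-botsearch, nginx-nobinary, sshd'

# Read role variables on stdin and print the jail name of each one set to true.
# Assumption: jail name = variable name with "_" replaced by "-".
expected_jails() {
    awk -F': *' '/^(sshd|nginx_)[a-z_]*:/ {
        gsub(/"/, "", $2); gsub(/[ \t]+$/, "", $2)
        if ($2 == "true") { gsub(/_/, "-", $1); print $1 }
    }'
}

# Read status output on stdin and print the loaded jail names, one per line.
jail_list() {
    sed -n 's/^.*Jail list:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# $1 = status output, remaining arguments = expected jail names.
# Prints every expected jail that is absent from the loaded list.
missing_jails() {
    f2b_status=$1; shift
    loaded=$(printf '%s\n' "$f2b_status" | jail_list)
    for jail in "$@"; do
        # -x and -F: whole-line, literal match, so "sshd" never matches "sshd-badproto".
        if ! printf '%s\n' "$loaded" | grep -qxF -- "$jail"; then
            printf '%s\n' "$jail"
        fi
    done
    return 0
}

# Demo on the constructed data: prints "nginx-noscan".
missing_jails "$SAMPLE_STATUS" $(printf '%s\n' "$SAMPLE_VARS" | expected_jails)
```

On a managed host, pass the output of `fail2ban-client status` (run as root) as the first argument and feed defaults/main.yml to `expected_jails` in place of the samples.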

License

BSD

Author Information

Contact: shaunrd0@gmail.com | URL: www.shaunreed.com | GitHub: shaunrd0