Fail2ban

An ansible role for installing fail2ban with basic configuration options

Role Variables

packages: [fail2ban]

  • A list of packages to install on the server

ssh_port: 22

  • The port where SSH is running on the remote server

relay_host: "[sub.domain.com]:777"
sender_email: "senderemail@domain.com"

  • The relay to route mail through, and a corresponding email to send as

email: "email@domain.com"

  • The email address to send alerts to when an IP is banned or jailed

nginx_botsearch: "true"
nginx_http_auth: "true"
nginx_nobinary: "true"
nginx_nohome: "true"
nginx_noproxy: "true"
nginx_wplogin: "true"
nginx_noscan: "true"
nginx_noenv: "true"
nginx_noscript: "true"
sshd: "true"
sshd_badproto: "true"

  • Each of these variables corresponds to an existing fail2ban filter, with a bool to enable or disable it.

Dependencies

Requires that postfix is configured to send email alerts on behalf of the sender_email address.

Example Playbook

First, make sure all settings within defaults/main.yml are correct for your server. All settings and their purposes are outlined in the section above.

Create a new ansible play. You can name it whatever you want, but this example play will simply be named fail2ban.yml.

---
- hosts: testserver
  become: yes
  roles:
  - fail2ban

Make sure the IP for testserver is correct in the /etc/ansible/hosts file:

[testserver]
123.123.123.123:22

Run the play!

ansible-playbook fail2ban.yml
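
The play below is an added example, not part of this role: it overrides some of the role defaults from the play itself (role defaults have the lowest variable precedence in Ansible) and then checks on the host that fail2ban is running with the SSH jail loaded. The variable names are the ones listed under Role Variables; the chosen values, the task names and the jail name sshd are assumptions.

```yaml
---
# Added example: per-play overrides plus a post-run check.
# Assumption: the role's "sshd" variable enables a jail that is also named "sshd".
- hosts: testserver
  become: yes
  roles:
    - role: fail2ban
      vars:
        ssh_port: 22                 # must match the port sshd really listens on
        email: "email@domain.com"    # alert recipient, placeholder from the README
        nginx_wplogin: "false"       # example: host serves no WordPress login page
        nginx_http_auth: "true"
        sshd: "true"
        sshd_badproto: "true"
  post_tasks:
    # Handlers notified by the role are flushed before post_tasks run,
    # so a restart triggered by the role has already been issued here.
    - name: Wait until the fail2ban server answers
      ansible.builtin.command: fail2ban-client ping
      register: f2b_ping
      retries: 5
      delay: 2
      until: f2b_ping.rc == 0
      changed_when: false

    # fail2ban-client exits non-zero when the named jail does not exist,
    # which fails the play instead of leaving SSH silently unprotected.
    - name: Require the sshd jail to be loaded
      ansible.builtin.command: fail2ban-client status sshd
      register: f2b_sshd
      changed_when: false

    - name: Show the jail status (filter counters and currently banned IPs)
      ansible.builtin.debug:
        var: f2b_sshd.stdout_lines
```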

License

BSD

Author Information

Contact: shaunrd0@gmail.com | URL: www.shaunreed.com | GitHub: shaunrd0