mirror of
https://github.com/snachodog/ansible_playbooks.git
synced 2025-04-03 10:21:21 -06:00
Initial commit
This commit is contained in:
commit
6abfb80b68
5
ansiblehosts.yaml
Normal file
5
ansiblehosts.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
[webservers]
|
||||
192.168.1.219 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true
|
||||
192.168.1.43 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true
|
||||
192.168.1.51 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true
|
||||
|
41
fail2ban-setup.yaml
Normal file
41
fail2ban-setup.yaml
Normal file
@ -0,0 +1,41 @@
|
||||
- name: Install and configure Fail2Ban on all servers
|
||||
hosts: all
|
||||
become: true
|
||||
vars:
|
||||
# Customize as needed
|
||||
bantime: 3600 # 1 hour ban time
|
||||
findtime: 600 # 10 min window
|
||||
maxretry: 5
|
||||
tasks:
|
||||
- name: Install Fail2Ban
|
||||
apt:
|
||||
name: fail2ban
|
||||
state: present
|
||||
update_cache: yes
|
||||
|
||||
- name: Ensure Fail2Ban service is enabled and running
|
||||
service:
|
||||
name: fail2ban
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Create custom jail.local config
|
||||
copy:
|
||||
dest: /etc/fail2ban/jail.local
|
||||
content: |
|
||||
[DEFAULT]
|
||||
bantime = {{ bantime }}
|
||||
findtime = {{ findtime }}
|
||||
maxretry = {{ maxretry }}
|
||||
|
||||
[sshd]
|
||||
enabled = true
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: Restart Fail2Ban to apply config
|
||||
service:
|
||||
name: fail2ban
|
||||
state: restarted
|
||||
|
Loading…
x
Reference in New Issue
Block a user