Initial commit

2025-04-03 10:21:21 -06:00 · 2025-03-21 14:08:02 -06:00 · 2025-03-21 14:08:02 -06:00 · 6abfb80b68
commit 6abfb80b68
2 changed files with 46 additions and 0 deletions
--- a/ansiblehosts.yaml
+++ b/ansiblehosts.yaml
@ -0,0 +1,5 @@
+[webservers]
+192.168.1.219 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true
+192.168.1.43  ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true
+192.168.1.51  ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true
+
--- a/fail2ban-setup.yaml
+++ b/fail2ban-setup.yaml
@ -0,0 +1,41 @@
+- name: Install and configure Fail2Ban on all servers
+  hosts: all
+  become: true
+  vars:
+    # Customize as needed
+    bantime: 3600        # 1 hour ban time
+    findtime: 600        # 10 min window
+    maxretry: 5
+  tasks:
+    - name: Install Fail2Ban
+      apt:
+        name: fail2ban
+        state: present
+        update_cache: yes
+
+    - name: Ensure Fail2Ban service is enabled and running
+      service:
+        name: fail2ban
+        state: started
+        enabled: true
+
+    - name: Create custom jail.local config
+      copy:
+        dest: /etc/fail2ban/jail.local
+        content: |
+          [DEFAULT]
+          bantime = {{ bantime }}
+          findtime = {{ findtime }}
+          maxretry = {{ maxretry }}
+
+          [sshd]
+          enabled = true
+        owner: root
+        group: root
+        mode: '0644'
+
+    - name: Restart Fail2Ban to apply config
+      service:
+        name: fail2ban
+        state: restarted
+