From cc2a0abe9470477361db9c5fc1286a82ea914155 Mon Sep 17 00:00:00 2001 From: Steve Dogiakos Date: Fri, 21 Mar 2025 14:45:40 -0600 Subject: [PATCH] Update README.md More formatting corrections. Removed redundant "examples" --- README.md | 27 +++------------------------ 1 file changed, 3 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 726e7fc..58cf070 100644 --- a/README.md +++ b/README.md @@ -2,42 +2,21 @@ This repository contains an Ansible playbook and inventory file to automate the installation and basic configuration of Fail2Ban on multiple Debian/Ubuntu servers. ## `Contents fail2ban-setup.yaml` -- Ansible playbook to install and configure Fail2Ban ansiblehosts.yaml -- Inventory file listing the servers to manage +- `fail2ban-setup.yaml` - Ansible playbook to install and configure Fail2Ban ansiblehosts.yaml +- `ansiblehosts.yaml` - Inventory file listing the servers to manage ## Inventory File -The ansiblehosts.yaml file contains your target servers and connection details. -**Example format:** -``` -[webservers] -192.168.1.219 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true -192.168.1.43 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true -192.168.1.51 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true -``` +The `ansiblehosts.yaml` file contains your target servers and connection details. ## Playbook Details The `fail2ban-setup.yaml` playbook: -` - Installs Fail2Ban via APT - Enables SSH protection against brute-force attacks - Configures basic settings: - bantime: 3600 seconds (1 hour) - findtime: 600 seconds (10 minutes) - maxretry: 5 failed attempts Ensures Fail2Ban starts on boot -### Playbook snippet: -- name: Install and configure Fail2Ban on all servers hosts: all become: true vars: bantime: 3600 -findtime: 600 maxretry: 5 tasks: - - name: Install Fail2Ban apt: name: fail2ban state: present update_cache: yes - - name: Ensure Fail2Ban service is enabled and running service: name: fail2ban state: started enabled: true - - name: Create custom jail.local config copy: dest: /etc/fail2ban/jail.local content: | [DEFAULT] bantime = {{ bantime }} findtime = {{ findtime }} maxretry = {{ maxretry }} -``` -[sshd] -enabled = true -``` -owner: root group: root mode: '0644' - - name: Restart Fail2Ban to apply config service: name: fail2ban state: restarted - ## Usage Run the playbook: `ansible-playbook -i ansiblehosts.yaml fail2ban-setup.yaml --ask-become-pass`