steve/ansible_playbooks
1
0
Fork 0
mirror of https://github.com/snachodog/ansible_playbooks.git synced 2025-04-04 02:31:22 -06:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source 
More formatting corrections. Removed redundant "examples"
This commit is contained in:
Steve Dogiakos 2025-03-21 14:45:40 -06:00 committed by GitHub
parent 3216c25f8c
commit cc2a0abe94
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
README.md
View File

@ -2,42 +2,21 @@
This repository contains an Ansible playbook and inventory file to automate the installation and basic configuration of Fail2Ban on multiple Debian/Ubuntu servers. This repository contains an Ansible playbook and inventory file to automate the installation and basic configuration of Fail2Ban on multiple Debian/Ubuntu servers.
## `Contents fail2ban-setup.yaml` ## `Contents fail2ban-setup.yaml`
- Ansible playbook to install and configure Fail2Ban ansiblehosts.yaml - `fail2ban-setup.yaml` - Ansible playbook to install and configure Fail2Ban ansiblehosts.yaml
- Inventory file listing the servers to manage - `ansiblehosts.yaml` - Inventory file listing the servers to manage
## Inventory File ## Inventory File
The ansiblehosts.yaml file contains your target servers and connection details. The `ansiblehosts.yaml` file contains your target servers and connection details.
**Example format:**
```
[webservers]
192.168.1.219 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true
192.168.1.43 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true
192.168.1.51 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true
```
## Playbook Details ## Playbook Details
The `fail2ban-setup.yaml` playbook: The `fail2ban-setup.yaml` playbook:
`
- Installs Fail2Ban via APT - Installs Fail2Ban via APT
- Enables SSH protection against brute-force attacks - Enables SSH protection against brute-force attacks
- Configures basic settings: - Configures basic settings:
- bantime: 3600 seconds (1 hour) - bantime: 3600 seconds (1 hour)
- findtime: 600 seconds (10 minutes) - findtime: 600 seconds (10 minutes)
- maxretry: 5 failed attempts Ensures Fail2Ban starts on boot - maxretry: 5 failed attempts Ensures Fail2Ban starts on boot
### Playbook snippet:
- name: Install and configure Fail2Ban on all servers hosts: all become: true vars: bantime: 3600
findtime: 600 maxretry: 5 tasks:
- name: Install Fail2Ban apt: name: fail2ban state: present update_cache: yes
- name: Ensure Fail2Ban service is enabled and running service: name: fail2ban state: started enabled: true
- name: Create custom jail.local config copy: dest: /etc/fail2ban/jail.local content: | [DEFAULT] bantime = {{ bantime }} findtime = {{ findtime }} maxretry = {{ maxretry }}
```
[sshd]
enabled = true
```
owner: root group: root mode: '0644'
- name: Restart Fail2Ban to apply config service: name: fail2ban state: restarted
## Usage ## Usage
Run the playbook: Run the playbook:
`ansible-playbook -i ansiblehosts.yaml fail2ban-setup.yaml --ask-become-pass` `ansible-playbook -i ansiblehosts.yaml fail2ban-setup.yaml --ask-become-pass`