steve/ansible_playbooks
1
0
Fork 0
mirror of https://github.com/snachodog/ansible_playbooks.git synced 2025-04-09 13:01:23 -06:00
Code Issues Packages Projects Releases Wiki Activity

create README.md

Browse Source
This commit is contained in:
Steve Dogiakos 2025-03-21 14:37:13 -06:00
parent 6abfb80b68
commit f2f7027ab9
2 changed files with 72 additions and 0 deletions

16
.gitignore vendored Normal file

@ -0,0 +1,16 @@
# Ignore SSH private keys (safety precaution)
*.pem
*.key
*.id_rsa
*.id_ed25519
# Ansible Vault password files (if ever used)
.vault_pass.txt
# Any sensitive temp files
*.retry
*.secret
# Fact cache (if enabled)
.fact_cache/
# Backup files
*~ *.bak Logs *.log
# OS-specific
.DS_Store Thumbs.db

56
README.md Normal file

@ -0,0 +1,56 @@
# Ansible Playbook
This repository contains an Ansible playbook and inventory file to automate the installation and basic configuration of Fail2Ban on multiple Debian/Ubuntu servers.
## `Contents fail2ban-setup.yaml`
— Ansible playbook to install and configure Fail2Ban ansiblehosts.yaml
— Inventory file listing the servers to manage
## Inventory File
The ansiblehosts.yaml file contains your target servers and connection details.
Example format:
```
[webservers]
192.168.1.219 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true
192.168.1.43 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true
192.168.1.51 ansible_user=steve ansible_ssh_private_key_file=/home/steve/.ssh/id_ed25519 ansible_become=true
```
## Playbook Details
The `fail2ban-setup.yaml` playbook:
`
- Installs Fail2Ban via APT
- Enables SSH protection against brute-force attacks
- Configures basic settings:
- bantime: 3600 seconds (1 hour)
- findtime: 600 seconds (10 minutes)
- maxretry: 5 failed attempts Ensures Fail2Ban starts on boot
### Playbook snippet:
- name: Install and configure Fail2Ban on all servers hosts: all become: true vars: bantime: 3600
findtime: 600 maxretry: 5 tasks:
- name: Install Fail2Ban apt: name: fail2ban state: present update_cache: yes
- name: Ensure Fail2Ban service is enabled and running service: name: fail2ban state: started enabled: true
- name: Create custom jail.local config copy: dest: /etc/fail2ban/jail.local content: | [DEFAULT] bantime = {{ bantime }} findtime = {{ findtime }} maxretry = {{ maxretry }}
```
[sshd]
enabled = true
```
owner: root group: root mode: '0644'
- name: Restart Fail2Ban to apply config service: name: fail2ban state: restarted
## Usage
Run the playbook:
`ansible-playbook -i ansiblehosts.yaml fail2ban-setup.yaml --ask-become-pass`
You'll be prompted once for your sudo password.
## Requirements
- Ansible installed on your control machine
- SSH public key authentication set up between control machine and target servers
- Target servers should be Debian/Ubuntu-based
## Security Notice
*Do NOT store private SSH keys or sensitive credentials in this repository.*
This repo is designed to be safe for public use as long as private keys and secrets are excluded.
## License