Home Explore Help
Sign In
sarman
/
tftsr_ai
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 342cbd123d
Branches Tags
tftsr_ai
/
tftsr_nginx-hardening
/
nginx-hardening
/
roles
/
fail2ban
/
tasks
/
main.yml

main.yml 893 B
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041 
  1. ---
    2. 

  2. - name: Install fail2ban
    3. 

  3.   ansible.builtin.dnf:
    4. 

  4.     name: fail2ban
    5. 

  5.     state: present
    6. 

  6. 

  7. - name: Deploy nginx-4xx filter
    8. 

  8.   ansible.builtin.template:
    9. 

  9.     src: nginx-4xx.conf.j2
    10. 

  10.     dest: /etc/fail2ban/filter.d/nginx-4xx.conf
    11. 

  11.     owner: root
    12. 

  12.     group: root
    13. 

  13.     mode: '0644'
    14. 

  14.     backup: yes
    15. 

  15.   notify: restart fail2ban
    16. 

  16. 

  17. - name: Deploy nginx-auth filter
    18. 

  18.   ansible.builtin.template:
    19. 

  19.     src: nginx-auth.conf.j2
    20. 

  20.     dest: /etc/fail2ban/filter.d/nginx-auth.conf
    21. 

  21.     owner: root
    22. 

  22.     group: root
    23. 

  23.     mode: '0644'
    24. 

  24.     backup: yes
    25. 

  25.   notify: restart fail2ban
    26. 

  26. 

  27. - name: Deploy jail.local configuration
    28. 

  28.   ansible.builtin.template:
    29. 

  29.     src: jail.local.j2
    30. 

  30.     dest: /etc/fail2ban/jail.local
    31. 

  31.     owner: root
    32. 

  32.     group: root
    33. 

  33.     mode: '0644'
    34. 

  34.     backup: yes
    35. 

  35.   notify: restart fail2ban
    36. 

  36. 

  37. - name: Enable and start fail2ban service
    38. 

  38.   ansible.builtin.service:
    39. 

  39.     name: fail2ban
    40. 

  40.     state: started
    41. 

  41.     enabled: yes
    42.