f2b role files

This commit is contained in:
Tiago Carrondo 2022-03-06 15:01:27 +00:00
parent ca802e834e
commit 0fe24ed42d
5 changed files with 83 additions and 0 deletions


@ -0,0 +1,6 @@
[recidive]
enabled = true
filter = recidive
logpath = /var/log/fail2ban.log
action = iptables-allports[name=recidive]
sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
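Review bot: As configured, the recidive jail can practically never fire: it inherits a `findtime` of one day (86400 in the template's [DEFAULT]; the stock jail.conf [recidive] uses the same, as far as I recall) while the ssh jail bans for the DEFAULT `bantime = 604800` (one week), so an address banned once cannot produce a second ban line in fail2ban.log inside that window, let alone the `maxretry` count (3 in the template). Either shorten the per-jail default bantime (e.g. `bantime = 3600` in the template's [DEFAULT]) and keep the long ban here, or set the window explicitly in this section so the relationship is visible: `findtime = 1209600 ; 2 weeks, must exceed the base jails' bantime` and `bantime = 2592000 ; 30 days`. The second action line must be indented as a continuation in the INI file; the rendered page drops leading whitespace, so I cannot tell whether it is.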

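--- a/roles/fail2ban/files/ssh
+++ b/roles/fail2ban/files/ssh
@@ -0,0 +1,5 @@
+[ssh]
+enabled = true
+filter = sshd
+action = iptables[name=SSH, port=ssh, protocol=tcp]
+logpath = /var/log/auth.log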
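Review bot: The jail is named `[ssh]` rather than `[sshd]`, so on a Debian/Ubuntu host (the role installs via apt) it runs alongside the package's stock `sshd` jail if `jail.d/defaults-debian.conf` enables that one, as it does by default as far as I recall — both watch auth.log and each bans the same address in its own chain (f2b-SSH and f2b-sshd), doubling rules and ban log lines. Naming the section `[sshd]` turns this file into an override of the packaged jail instead of a duplicate, and jail.conf then already supplies port, logpath and backend, reducing the file to `[sshd]` / `enabled = true`. The explicit `action = iptables[name=SSH, port=ssh, protocol=tcp]` also bypasses the template's `banaction = iptables-multiport` and `action = %(action_)s` defaults; if that is intended it deserves a comment, otherwise drop the line. Hard-coding `port=ssh` covers port 22 only — if sshd listens on another port the ban does not apply to it.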


@ -0,0 +1,7 @@
---
# handlers file for fail2ban
- name: reload fail2ban
service:
name: fail2ban
state: reloaded
enabled: yes
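Review bot: A handler named `reload fail2ban` also sets `enabled: yes`, a side effect a reader does not expect from a reload and one the start task in the tasks file (`enabled: yes` on `fail2ban.service`) already provides; drop it here so the handler does exactly what its name says, and refer to the unit the same way in both places (`fail2ban` here, `fail2ban.service` there). `state: reloaded` also needs a running service — in the normal flow handlers run at the end of the play, after the start task, so a first run is fine, but a `meta: flush_handlers` placed before the start task would make it fail on a fresh host.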


@ -0,0 +1,39 @@
---
# tasks file for fail2ban
- name: Instalação fail2ban
become: true
apt:
name:
- fail2ban
state: present
update_cache: yes
cache_valid_time: 86400
force_apt_get: yes
- name: Apply fail2ban default config
become: true
template:
src: default.j2
dest: /etc/fail2ban/jail.d/00-default.conf
mode: 0644
notify:
- reload fail2ban
- name: Copy fail2ban jails
become: true
copy:
src: '{{ item }}'
dest: /etc/fail2ban/jail.d/{{ item }}.conf
mode: 0644
with_items:
- recidive
- ssh
notify:
- reload fail2ban
- name: Start service fail2ban, if not started
become: true
service:
name: fail2ban.service
state: started
enabled: yes
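Review bot: The apt task installs only `fail2ban`, but the recidive jail's `sendmail-whois-lines` action and the template's `mta = sendmail` / `*-whois` actions shell out to `whois` and a `sendmail` binary; if those are absent (whois is only a Recommends of the Debian package as far as I recall, and no MTA is installed or configured by this role) the mail actions fail at ban time and fail2ban logs an error for them, while the iptables ban itself still applies. Add `whois` to the package list and either install and configure an MTA or remove the mail actions so the role does not advertise notifications it cannot send. Style: the first task name is in Portuguese (`Instalação fail2ban`) while the rest are English — use one language, e.g. `- name: Install fail2ban`; `with_items` can become `loop` if the targeted Ansible version supports it.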


@ -0,0 +1,26 @@
[DEFAULT]
ignoreip = 127.0.0.1/8
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
maxretry = 3
backend = auto
usedns = warn
destemail = direccao@ansol.org
sendername = Fail2Ban
banaction = iptables-multiport
mta = sendmail
protocol = tcp
chain = INPUT
# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]
# ban & send an e-mail with whois report and relevant log lines to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]
action = %(action_)s
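Review bot: `ignoreip = 127.0.0.1/8` is the only whitelist, and with `maxretry = 3`, `findtime = 86400` and `bantime = 604800` three failed logins in a day lock an operator's own address out for a week; the template contains no Jinja expression at all, so there is no per-host way to add an admin network without editing the role. Make it a variable, e.g. `ignoreip = 127.0.0.1/8 ::1 {{ fail2ban_ignoreip | default('') }}`, which also covers the IPv6 loopback (relevant if the host has IPv6 enabled, since fail2ban 0.10+ bans v6 addresses too — confirm the installed version accepts it). `destemail` is likewise a fixed literal; `{{ fail2ban_destemail | default('direccao@ansol.org') }}` keeps the current value while letting other hosts override it. The `action_mw` / `action_mwl` continuation lines must be indented in the INI source; the rendered page drops leading whitespace, so I cannot verify that here.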