This repository has been archived by the owner on Dec 25, 2023. It is now read-only.
An Ansible Role that installs and configures fail2ban on Debian/Ubuntu, RHEL/CentOS, ArchLinux and ArtixLinux

bodsch/ansible-fail2ban

Ansible Role: fail2ban

An Ansible Role that installs and configures fail2ban 2.x on Debian/Ubuntu, ArchLinux and ArtixLinux (maybe also on other openrc-based systems).


Further development of this Ansible role has been moved to Collection bodsch.core. This repository will therefore no longer be actively maintained.


Requirements & Dependencies

None

Operating systems

Tested on

  • ArchLinux
  • Debian based
    • Debian 10 / 11 / 12
    • Ubuntu 20.04 / 22.04

RedHat-based systems are no longer officially supported! May work, but does not have to.

Role Variables

Available variables are listed below, along with default values (see defaults/main.yaml):

fail2ban_ignoreips

Each entry can be an IP address, a CIDR mask or a DNS host.

fail2ban_conf

fail2ban_jail

fail2ban_path_definitions

fail2ban_jails

Example Playbook

See the molecule tests and configuration.

fail2ban_ignoreips:
  - 127.0.0.1/8
  - 192.168.0.0/24

fail2ban_conf:
  default:
    loglevel: INFO
    logtarget: "/var/log/fail2ban.log"
    syslogsocket: auto
    socket: /run/fail2ban/fail2ban.sock
    pidfile: /run/fail2ban/fail2ban.pid
    dbfile: /var/lib/fail2ban/fail2ban.sqlite3
    dbpurgeage: 1d
    dbmaxmatches: 10
  definition: {}
  thread:
    stacksize: 0

fail2ban_jail:
  default:
    ignoreips: "{{ fail2ban_ignoreips }}"
    bantime: 600
    maxretry: 3
    findtime: 3200
    backend: auto
    usedns: warn
    logencoding: auto
    jails_enabled: false
  actions:
    destemail: root@localhost
    sender: root@localhost
    mta: sendmail
    protocol: tcp
    chain: INPUT
    banaction: iptables-multiport

fail2ban_jails:
  - name: ssh
    enabled: true
    port: ssh
    filter: sshd
    logpath: /var/log/authlog.log
    findtime: 3200
    bantime: 86400
    maxretry: 2
  - name: ssh-breakin
    enabled: true
    port: ssh
    filter: sshd-break-in
    logpath: /var/log/authlog.log
    maxretry: 2
  - name: ssh-ddos
    enabled: true
    port: ssh
    filter: sshd-ddos
    logpath: /var/log/authlog.log
    maxretry: 2
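
To show what the ssh jail's findtime, maxretry and bantime values above mean in practice, the following added example (not part of this role or of fail2ban) replays constructed failure events through a simplified model of the ban decision. The function names, the sample events and the model itself (ban once maxretry failures fall within findtime seconds; ignore-listed addresses are never counted; DNS entries are not handled) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Values copied from the page's fail2ban_ignoreips and its "ssh" jail.
IGNORE = ["127.0.0.1/8", "192.168.0.0/24"]
SSH_JAIL = {"findtime": 3200, "bantime": 86400, "maxretry": 2}


def is_ignored(ip, ignore=IGNORE):
    """True if ip falls inside any ignore entry (IP or CIDR only, no DNS)."""
    addr = ipaddress.ip_address(ip)
    # strict=False accepts entries with host bits set, such as 127.0.0.1/8.
    return any(addr in ipaddress.ip_network(n, strict=False) for n in ignore)


def simulate(events, jail=SSH_JAIL, ignore=IGNORE):
    """events: time-ordered (seconds, ip) failures -> [(ip, ban_start, ban_end)]."""
    recent = defaultdict(deque)  # ip -> failure times still inside findtime
    banned_until = {}
    bans = []
    for ts, ip in events:
        if is_ignored(ip, ignore) or banned_until.get(ip, 0) > ts:
            continue  # ignore-listed or currently banned: not counted
        window = recent[ip]
        window.append(ts)
        while window and ts - window[0] > jail["findtime"]:
            window.popleft()  # drop failures older than findtime
        if len(window) >= jail["maxretry"]:
            banned_until[ip] = ts + jail["bantime"]
            bans.append((ip, ts, ts + jail["bantime"]))
            window.clear()
    return bans


# Constructed failure events (seconds, source address), documentation ranges.
SAMPLE = [
    (0, "203.0.113.7"), (100, "192.168.0.20"), (200, "192.168.0.20"),
    (300, "192.168.0.20"), (900, "203.0.113.7"),     # 2nd failure in window: ban
    (1000, "203.0.113.7"),                           # already banned, skipped
    (5000, "198.51.100.9"), (9000, "198.51.100.9"),  # 4000 s apart: no ban
]

if __name__ == "__main__":
    for ip, start, end in simulate(SAMPLE):
        print(f"ban {ip} from t={start} until t={end}")
```
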

Contribution

Please read Contribution

Development, Branches (Git Tags)

The master branch is my workhorse; it includes the "latest, hot shit" and can be completely broken!

If you want to use something stable, please use a Tagged Version!

Author

  • Bodo Schulz

License

Apache

FREE SOFTWARE, HELL YEAH!
