From ccb1f90c79a38f2a55e6e1b9b012cae4d7597fd9 Mon Sep 17 00:00:00 2001
From: Jeltz <tom.barthe+aurore@ens-paris-saclay.fr>
Date: Mon, 13 Dec 2021 01:56:56 +0100
Subject: [PATCH] Uninstall fail2ban

---
 roles/basesecurity/handlers/main.yml |  5 ----
 roles/basesecurity/tasks/main.yml    | 38 ----------------------------
 2 files changed, 43 deletions(-)
 delete mode 100644 roles/basesecurity/handlers/main.yml

diff --git a/roles/basesecurity/handlers/main.yml b/roles/basesecurity/handlers/main.yml
deleted file mode 100644
index 3c59dc2..0000000
--- a/roles/basesecurity/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Restart sshd service
-  service:
-    name: sshd
-    state: restarted
diff --git a/roles/basesecurity/tasks/main.yml b/roles/basesecurity/tasks/main.yml
index 22d8a56..948a015 100644
--- a/roles/basesecurity/tasks/main.yml
+++ b/roles/basesecurity/tasks/main.yml
@@ -24,44 +24,6 @@
     - /bin/umount  # Only root should umount
   ignore_errors: true  # Sometimes file won't exist
 
-- name: Install fail2ban
-  apt:
-    name: fail2ban
-    state: present
-  register: apt_result
-  retries: 3
-  until: apt_result is succeeded
-
-- name: Configure fail2ban
-  ini_file:
-    path: /etc/fail2ban/jail.d/local.conf
-    section: "{{ item.section }}"
-    option: "{{ item.option }}"
-    value: "{{ item.value }}"
-    state: present
-    mode: 0644
-  notify: Restart fail2ban service
-  loop:
-    - section: sshd
-      option: ignoreip
-      value: 10.128.0.254  # Whitelist bastion
-
-    - section: sshd
-      option: enabled
-      value: "true"
-
-    - section: sshd
-      option: bantime
-      value: 600
-
-    - section: sshd
-      option: findtime
-      value: 600
-
-    - section: sshd
-      option: maxretry
-      value: 5
-
 # See altered packages and configurations with `debsums -ca`
 - name: Install debsums
   apt: