WIP: Various cleanups #83
2 changed files with 0 additions and 43 deletions
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
- name: Restart sshd service
|
|
||||||
service:
|
|
||||||
name: sshd
|
|
||||||
state: restarted
|
|
|
@ -24,44 +24,6 @@
|
||||||
- /bin/umount # Only root should umount
|
- /bin/umount # Only root should umount
|
||||||
ignore_errors: true # Sometimes file won't exist
|
ignore_errors: true # Sometimes file won't exist
|
||||||
|
|
||||||
- name: Install fail2ban
|
|
||||||
apt:
|
|
||||||
name: fail2ban
|
|
||||||
state: present
|
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
||||||
|
|
||||||
- name: Configure fail2ban
|
|
||||||
ini_file:
|
|
||||||
path: /etc/fail2ban/jail.d/local.conf
|
|
||||||
section: "{{ item.section }}"
|
|
||||||
option: "{{ item.option }}"
|
|
||||||
value: "{{ item.value }}"
|
|
||||||
state: present
|
|
||||||
mode: 0644
|
|
||||||
notify: Restart fail2ban service
|
|
||||||
loop:
|
|
||||||
- section: sshd
|
|
||||||
option: ignoreip
|
|
||||||
value: 10.128.0.254 # Whitelist bastion
|
|
||||||
|
|
||||||
- section: sshd
|
|
||||||
option: enabled
|
|
||||||
value: "true"
|
|
||||||
|
|
||||||
- section: sshd
|
|
||||||
option: bantime
|
|
||||||
value: 600
|
|
||||||
|
|
||||||
- section: sshd
|
|
||||||
option: findtime
|
|
||||||
value: 600
|
|
||||||
|
|
||||||
- section: sshd
|
|
||||||
option: maxretry
|
|
||||||
value: 5
|
|
||||||
|
|
||||||
# See altered packages and configurations with `debsums -ca`
|
# See altered packages and configurations with `debsums -ca`
|
||||||
- name: Install debsums
|
- name: Install debsums
|
||||||
apt:
|
apt:
|
||||||
|
|
Loading…
Reference in a new issue