GithubHelp home page GithubHelp logo

slaarti / ansible-fail2ban Goto Github PK

View Code? Open in Web Editor NEW

This project forked from sbitio/ansible-fail2ban

0.0 2.0 0.0 26 KB

Ansible role to manage Fail2ban

Home Page: https://galaxy.ansible.com/list#/roles/747

Python 100.00%

ansible-fail2ban's Introduction

This role is abandoned.

Fail2ban

Performs installation and configuration of Fail2ban service.

Provides an action plugin to facilitate configuration of jails. See below for details.

This role is Work In Progress. See TODO file for some details.

This role doesn't touch any upstream provided files. All configuration parts are placed in fail2ban's .local files.

In RedHat systems, jail.local is shipped with some goodies picked from Debian's jail.conf, to ease management of actions.

Leverages sbitmedia.monit and sbitmedia.munin roles when available.

For in-depth explanation of action plugins in roles please see sbitmedia.monit's README.

Requirements

Since Ansible doesn't support action plugins in roles, it is needed to explicitly add the path to this role's action plugins in ansible.cfg.

Example:

action_plugins     = ./contrib/roles/sbitmedia.monit/action_plugins
                    :./contrib/roles/sbitmedia.munin/action_plugins
                    :./contrib/roles/sbitmedia.fail2ban/action_plugins

Happily, action_plugins supports relative paths. Paths are separated by colon (:).

Role Variables

Default variables are documented in defaults/main.yml.

Role variables are set per OS. See: vars/*.yml.

See also the args accepted by fail2ban_jail in library/fail2ban_jail.

Example Usage

Using the role is straightforward, just include it and set overrides as needed.

Following playbook shows several examples of fail2ban_jail usage.

- hosts: servers
  roles:
    - sbitmedia.fail2ban

  tasks:
    # Define a jail.
    - fail2ban_jail:
      args:
        name: ssh-test-jail
        enabled: true
        filter: sshd
        port: ssh
        logpath: /var/log/secure
        maxretry: 3
        bantime: 3600

    # Enable a jail defined in jail.conf but disabled.
    - fail2ban_jail:
      args:
        name: ssh-tcpwrapper
        enabled: true

Leverage Fail2ban in your roles

There's two ways to leverage this role in your own roles.

  • Hard dependency: add sbitmedia.fail2ban as a dependency in your role and start ruling your own checks with no drawbacks at all.

  • Soft dependency: use sbitmedia.fail2ban when it is available. For this to work, several thing need to happen:

  1. the role must be included before yours.
  2. calls to fail2ban must be done this way, to avoid syntax errors in Ansible:
- name: Configure fail2ban service in Munin
  action: fail2ban_jail
  args:
    name: ssh
    enabled: true
  when: fail2ban_service is defined

License

BSD

Author Information

Jonathan Araña Cruz - SB IT Media, S.L.

ansible-fail2ban's People

Contributors

jonhattan avatar nickhammond avatar

Watchers

James Cloos avatar Chris Pinard avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.