89 lines
2.1 KiB
YAML
89 lines
2.1 KiB
YAML
---
|
|
- name: fail2ban_deb | Install fail2ban packages
|
|
ansible.builtin.apt:
|
|
pkg: "{{ f2b_packages_deb }}"
|
|
state: present
|
|
cache_valid_time: 1800
|
|
tags:
|
|
- fail2ban
|
|
|
|
- name: fail2ban_deb | Ensure that fail2ban is enabled and running
|
|
ansible.builtin.service:
|
|
name: fail2ban
|
|
state: started
|
|
enabled: true
|
|
tags:
|
|
- fail2ban
|
|
|
|
- name: fail2ban_deb | Install the fail2ban custom jail file
|
|
ansible.builtin.template:
|
|
src: jail.local.j2
|
|
dest: /etc/fail2ban/jail.local
|
|
owner: root
|
|
group: root
|
|
mode: "0444"
|
|
notify: Restart fail2ban
|
|
tags:
|
|
- fail2ban
|
|
|
|
- name: fail2ban_deb | Install the fail2ban apache ddos filter
|
|
ansible.builtin.template:
|
|
src: apache-ddos-filter.conf.j2
|
|
dest: /etc/fail2ban/filter.d/apache-ddos-filter.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0444"
|
|
when: f2b_apache_ddos_enabled
|
|
notify: Restart fail2ban
|
|
tags:
|
|
- fail2ban
|
|
- f2b_apache_ddos
|
|
|
|
- name: fail2ban_deb | Install the fail2ban apache ddos rule
|
|
ansible.builtin.template:
|
|
src: apache-ddos-jail.conf.j2
|
|
dest: /etc/fail2ban/jail.d/apache-ddos-jail.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0444"
|
|
when: f2b_apache_ddos_enabled
|
|
notify: Restart fail2ban
|
|
tags:
|
|
- fail2ban
|
|
- f2b_apache_ddos
|
|
|
|
- name: fail2ban_deb | Install the fail2ban nginx ddos filter
|
|
ansible.builtin.template:
|
|
src: nginx-ddos-filter.conf.j2
|
|
dest: /etc/fail2ban/filter.d/nginx-ddos-filter.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0444"
|
|
when: f2b_nginx_ddos_enabled
|
|
notify: Restart fail2ban
|
|
tags:
|
|
- fail2ban
|
|
- f2b_nginx_ddos
|
|
|
|
- name: fail2ban_deb | Install the fail2ban nginx ddos rule
|
|
ansible.builtin.template:
|
|
src: nginx-ddos-jail.conf.j2
|
|
dest: /etc/fail2ban/jail.d/nginx-ddos-jail.conf
|
|
owner: root
|
|
group: root
|
|
mode: "0444"
|
|
when: f2b_nginx_ddos_enabled
|
|
notify: Restart fail2ban
|
|
tags:
|
|
- fail2ban
|
|
- f2b_nginx_ddos
|
|
|
|
- name: fail2ban_deb | Uninstall fail2ban when not enabled
|
|
ansible.builtin.apt:
|
|
pkg: fail2ban
|
|
state: absent
|
|
when: not fail2ban_enabled
|
|
tags:
|
|
- fail2ban
|
|
- uninstall_fail2ban
|