---
# Install the fail2ban package set with dnf. The package list comes from the
# f2b_packages_el variable, which is defined outside this file.
- name: fail2ban_el | Install fail2ban packages
  ansible.builtin.dnf:
    state: present
    name: "{{ f2b_packages_el }}"
  tags:
    - fail2ban
    - centos
    - rhel
  # Handlers are referenced by name; their definitions are not in this file.
  notify:
    - Enable and start fail2ban
    - Enable and start firewalld
# Render fail2ban.local.j2 to /etc/fail2ban/fail2ban.local and ask for a
# fail2ban reload when the rendered file changes.
- name: fail2ban_el | Install fail2ban local config
  ansible.builtin.template:
    dest: /etc/fail2ban/fail2ban.local
    src: fail2ban.local.j2
    # root-owned and read-only for every user. The file is world-readable, so
    # the template should not render secrets -- verify against the template.
    mode: "0444"
    owner: root
    group: root
  tags:
    - fail2ban
  notify:
    - Reload fail2ban
# Render the jail overrides to /etc/fail2ban/jail.d/customization.local and
# ask for a fail2ban reload when the rendered file changes.
- name: fail2ban_el | Install fail2ban jail custom configuration
  ansible.builtin.template:
    dest: /etc/fail2ban/jail.d/customization.local
    src: jail-d-customization.local.j2
    # root-owned and read-only for every user. The file is world-readable, so
    # the template should not render secrets -- verify against the template.
    mode: "0444"
    owner: root
    group: root
  tags:
    - fail2ban
  notify:
    - Reload fail2ban
# Copy the SELinux type-enforcement source for fail2ban to /usr/local/etc.
# The result is registered as fail2ban_selinux_policy so that a later task can
# test whether the source changed.
- name: fail2ban_el | Install the selinux policy file for fail2ban
  ansible.builtin.copy:
    dest: /usr/local/etc/fail2ban-journal-sepol.te
    src: fail2ban-journal-sepol.te
    # Writable by root only, so unprivileged users cannot alter the policy
    # source before it is compiled.
    mode: "0644"
    owner: root
    group: root
  register: fail2ban_selinux_policy
  tags:
    - fail2ban
    - selinux
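# Compile the fail2ban type-enforcement source into a policy package and load
# it with semodule.
#
# Runs only when the registered copy result (fail2ban_selinux_policy) reports
# a change. There is deliberately no `creates:` guard: once the .pp file
# exists, `creates` would skip this task even after the .te source was
# updated, so the host would keep running the previously loaded policy.
#
# NOTE(review): if this task fails after the copy succeeded, the next run sees
# the copy as unchanged and does not retry -- confirm whether that matters here.
- name: fail2ban_el | Activate the selinux policy for fail2ban
  # shell rather than command because the steps are chained with `&&`; a
  # failed compile or package step stops before `semodule -i` is reached.
  ansible.builtin.shell: >
    checkmodule -M -m -o /usr/local/etc/fail2ban-journal-sepol.mod /usr/local/etc/fail2ban-journal-sepol.te &&
    semodule_package -o /usr/local/etc/fail2ban-journal-sepol.pp -m /usr/local/etc/fail2ban-journal-sepol.mod &&
    semodule -i /usr/local/etc/fail2ban-journal-sepol.pp
  when: fail2ban_selinux_policy is changed  # noqa: no-handler
  tags:
    - fail2ban
    - selinux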
# Make sure both services are running now and enabled at boot. The task loops
# over the two service names and applies the same state to each.
- name: fail2ban_el | Ensure that fail2ban and firewalld are started and enabled
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: true
    state: started
  tags:
    - fail2ban
  loop:
    - fail2ban
    - firewalld