Ansible Role: Fail2ban for Ubuntu

This role installs and sets up Fail2ban on Ubuntu systems.

Requirements

No special requirements.

Installation

Run the following command to install:

ansible-galaxy install jasonheecs.ubuntu-fail2ban

Role Variables

Here are the available settings you can customize, along with their default values (see defaults/main.yml):

fail2ban_loglevel: INFO                  # Logging level
fail2ban_logtarget: /var/log/fail2ban.log # Log file location
fail2ban_socket: /var/run/fail2ban/fail2ban.sock # Socket location

fail2ban_ignoreip: 127.0.0.1/8          # IPs to ignore
fail2ban_bantime: 600                     # Ban time in seconds
fail2ban_maxretry: 6                      # Max retries before banning

fail2ban_backend: polling                  # Backend type

fail2ban_destemail: root@localhost       # Email to receive alerts
fail2ban_banaction: iptables-multiport     # Action to take when banning
fail2ban_mta: sendmail                     # Mail transfer agent
fail2ban_protocol: tcp                     # Protocol to use
fail2ban_chain: INPUT                      # Chain to use in iptables

fail2ban_action: action_

fail2ban_services:                        # Services to monitor
  - name: ssh                             # Service name
    port: ssh                             # Service port
    filter: sshd                          # Filter to use
    logpath: /var/log/auth.log            # Path to the log file

Dependencies

No dependencies.

Example Playbook

Here is an example playbook using this role:

- hosts: all
  become: yes
  roles:
    - { role: jasonheecs.ubuntu-fail2ban }

License

MIT License

Author Information

Jason Hee