nephosolutions.sshguard

Ansible Role: sshguard

This Ansible role installs and sets up sshguard on Debian and RHEL/CentOS systems.

Requirements

For RHEL/CentOS systems, this role needs geerlingguy.repo-epel to install and set up the EPEL (Extra Packages for Enterprise Linux) repository.

Besides that, only Ansible version 2.2 or higher is required.

Tested On

Debian 9 and 10
Ubuntu 16.04 and 18.04
RHEL/CentOS 7 and 9

Role Variables

These are the important variables for this role:

sshguard_block_time: Time (in seconds) to block attackers after they exceed the threshold. Blocks increase by a factor of 1.5; default is 120.
sshguard_detection_time: Time (in seconds) to remember potential attackers before resetting their score; default is 1800.
sshguard_threshold: Score threshold that, when exceeded, will cause an attacker to be blocked. Most attacks score 10; default threshold is 30.
sshguard_whitelist: A list of trusted IP addresses that will never be blocked.
- comment: Description (optional)
- address: An individual IPv4 or IPv6 address, address blocks in CIDR notation, or hostnames.

Example Playbook

---
- name: test-playbook | Test sshguard role
  hosts: all
  become: yes
  become_user: root
  vars:
    - sshguard_whitelist:
        - comment: IPv4 localhost
          address: 127.0.0.0/8
        - address: 127.0.0.1/32
        - comment: IPv6 localhost
          address: ::1
  roles:
    - nephosolutions.sshguard

License

This Ansible role is available under the Apache-2.0 License. See the LICENSE file for more information.

Informazioni sul progetto

Install and manage sshguard on Debian and RHEL/CentOS based systems

role ssh

Installa

ansible-galaxy install nephosolutions.sshguard

GitHub repository

0 stelle

0 fork

1 problemi aperti

Licenza

apache-2.0

Download

3.6k

Proprietario

NephoSolutions

ICT Consultancy & Services – DevOps & Cloud Architects