nickjj.fail2ban

What is ansible-fail2ban?

ansible-fail2ban is an Ansible role for installing and setting up fail2ban.

What problem does it solve and why is it useful?

Security is crucial, and fail2ban is a great tool that helps protect your server with little to no configuration needed.

Role Variables

Here are the default settings with simple explanations:

# What log level to use?
# 1 = ERROR, 2 = WARN, 3 = INFO, 4 = DEBUG
fail2ban_loglevel: 3

# Where to send log outputs?
# Options: SYSLOG, STDERR, STDOUT, file
fail2ban_logtarget: /var/log/fail2ban.log

# Where to create the socket?
fail2ban_socket: /var/run/fail2ban/fail2ban.sock

# Which IP address or host should be ignored?
fail2ban_ignoreip: 127.0.0.1/8

# How long (in seconds) should a ban last?
fail2ban_bantime: 600

# How many attempts before someone gets banned?
fail2ban_maxretry: 6

# How to detect file changes?
# Options: gamin, polling, auto
fail2ban_backend: polling

# Where to send email reports?
fail2ban_destemail: root@localhost

# How should bans be enforced?
# Options: iptables, iptables-new, iptables-multiport, shorewall, etc.
fail2ban_banaction: iptables-multiport

# What email method should be used?
# Options: sendmail or mail
fail2ban_mta: sendmail

# What protocol to use by default?
fail2ban_protocol: tcp

# Which chain to add JUMPs in iptables-*?
fail2ban_chain: INPUT

# What should happen when a ban occurs?
# Options: action_, action_mw, action_mwl
fail2ban_action: action_

# What services should fail2ban monitor?
# Use an empty list to monitor nothing, or list several entries to monitor multiple services.
fail2ban_services:
  - name: ssh
    enabled: "true"  # Is it turned on?
    port: ssh       # Which port does it use?
    protocol: tcp   # What protocol does it use?
    filter: sshd    # Which filter to apply?
    logpath: /var/log/auth.log  # Which log file to check?
    maxretry: 6     # Attempts before a ban?
    action: action_ # Default ban action?
    banaction: iptables-multiport  # How to apply the ban?

# Time in seconds to cache apt updates.
apt_cache_valid_time: 86400

Example Playbook

Let's say you have a group named app and a usual site.yml file.

To use this role, update your site.yml like this:

---
- name: ensure app servers are configured
  hosts: app

  roles:
    - { role: nickjj.fail2ban, sudo: true, tags: fail2ban }

If you want to change some settings, open or create group_vars/app.yml (next to your inventory directory) and modify it like this:

---
fail2ban_services:
  - name: ssh
    port: ssh
    filter: sshd
    logpath: /var/log/auth.log
  - name: postfix
    port: smtp,ssmtp
    filter: postfix
    logpath: /var/log/mail.log
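As an added example (not the role's own template), the snippet below renders a fail2ban_services list like the one above into jail.local text, filling the global role defaults into [DEFAULT] and rejecting a service that lacks the keys the role needs; it then reads the result back with configparser the way fail2ban does, so you can confirm what each jail will actually inherit. The constant names, the required-key set and the sample list are assumptions for illustration.

```python
# Added example (not the role's own template): render role variables into a
# jail.local and check what each jail inherits from [DEFAULT].
import configparser

# Global defaults, mirroring the role's default variables listed above.
# "action" follows fail2ban's own convention of naming an action template.
GLOBAL_DEFAULTS = {
    "ignoreip": "127.0.0.1/8",
    "bantime": "600",
    "maxretry": "6",
    "backend": "polling",
    "destemail": "root@localhost",
    "banaction": "iptables-multiport",
    "mta": "sendmail",
    "protocol": "tcp",
    "chain": "INPUT",
    "action": "%(action_)s",
}

REQUIRED_KEYS = ("name", "filter", "logpath")  # assumed minimum per service

# Constructed sample, the same two services as the group_vars example above.
SAMPLE_SERVICES = [
    {"name": "ssh", "port": "ssh", "filter": "sshd", "logpath": "/var/log/auth.log"},
    {"name": "postfix", "port": "smtp,ssmtp", "filter": "postfix", "logpath": "/var/log/mail.log"},
]


def render_jail_local(services, defaults=GLOBAL_DEFAULTS):
    """Build jail.local text: a [DEFAULT] section plus one jail per service.
    Per-service keys override the defaults; a service missing a required key
    raises here rather than producing a jail fail2ban would reject at start."""
    lines = ["[DEFAULT]"] + [f"{k} = {v}" for k, v in defaults.items()]
    for svc in services:
        missing = [k for k in REQUIRED_KEYS if k not in svc]
        if missing:
            raise ValueError(f"service {svc.get('name', '?')!r} is missing {missing}")
        lines += ["", f"[{svc['name']}]", f"enabled = {svc.get('enabled', 'true')}"]
        for key in ("port", "protocol", "filter", "logpath", "maxretry", "action", "banaction"):
            if key in svc:
                lines.append(f"{key} = {svc[key]}")
    return "\n".join(lines) + "\n"


def parse_jails(text):
    """Read rendered text back as fail2ban's INI parser would, returning
    {jail: effective settings} with [DEFAULT] values filled in."""
    cp = configparser.ConfigParser(interpolation=None)  # keep %(action_)s literal
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}
```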

Installation

Run this command to install:

$ ansible-galaxy install nickjj.fail2ban

Requirements

It has been tested on Ubuntu 12.04 LTS but should work on other similar versions.

Ansible Galaxy

You can find it on the official Ansible Galaxy if you'd like to leave a rating.

License

MIT

About the project

Install and configure fail2ban.

Install
ansible-galaxy install nickjj.fail2ban
License
mit
Downloads
50.7k
Owner
Currently a self employed freelance developer & teacher. I mainly work with Flask, Rails, Bash, Docker, Kubernetes, Ansible & Terraform. Also a @docker captain.