fail2ban
Requirements
- Ansible installed:
sudo apt install python3
python3 -m ensurepip --upgrade
pip3 install ansible
Required variables
Set the variables as shown in defaults.
Currently available fail2ban_jails are:
- sshd
- nginx
- postfix
Example playbook
hosts:
- foo
roles:
- ansible-fail2ban
TLDR - What will happen if I run this
- install fai2ban
- move template of fail2ban configs to host (based on jail params)
- reload fail2ban config
Note: this configures fail2ban to add to nftables (not iptables)
Future Improvements
- Allow non authorative zones and key directives
- Improve sane defaults of variables (see defaults defined in defaults/main.yaml)
- Allow TTL to be passed in records
- Add automated KSK rollover to dnssecpls script
- Allow duplicates of dnssecpls script with different variables from ZSK rollover etc as specified in nsd_zone_attributes
- Only update serial when required, instead of when running role
About
role to configure fail2ban using nftables, and optionally you can pass an abuseipdb API key.
Install
ansible-galaxy install pimvh/fail2ban
License
gpl-3.0
Downloads
83
Owner