{"id":31202126,"url":"https://github.com/programmfabrik/role-fail2ban","last_synced_at":"2026-02-14T13:02:14.565Z","repository":{"id":97950775,"uuid":"189601082","full_name":"programmfabrik/role-fail2ban","owner":"programmfabrik","description":"Ansible play to install and configure fail2ban","archived":false,"fork":false,"pushed_at":"2024-02-29T13:52:38.000Z","size":31,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-20T13:13:12.711Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/programmfabrik.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-05-31T13:46:22.000Z","updated_at":"2023-08-23T11:14:39.000Z","dependencies_parsed_at":"2024-02-29T15:00:02.957Z","dependency_job_id":null,"html_url":"https://github.com/programmfabrik/role-fail2ban","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/programmfabrik/role-fail2ban","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/programmfabrik%2Frole-fail2ban","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/programmfabrik%2Frole-fail2ban/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/programmfabrik%2Frole-fail2ban/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/programmfabrik%2Frole-fail2ban/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/programmfabrik","download_url":"https://codeload.github.com/programmfabrik/role-fail2ban/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/programmfabrik%2Frole-fail2ban/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29444043,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T12:43:28.304Z","status":"ssl_error","status_checked_at":"2026-02-14T12:43:14.160Z","response_time":53,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-09-20T13:07:49.471Z","updated_at":"2026-02-14T13:02:14.560Z","avatar_url":"https://github.com/programmfabrik.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ansible Role fail2ban\n\nThis role installs and configures fail2ban.\n\n## Example play\n\n```yaml\n- hosts: all\n  roles:\n    - blunix.role-fail2ban\n  vars:\n    fail2ban_enabled: yes\n    fail2ban_default_bantime: 3600\n    fail2ban_default_maxretry: 5\n    fail2ban_default_destemail: monitoring-example@example.com\n    fail2ban_jails:\n      - name: default\n        vars:\n          DEFAULT:\n            ignoreip: '8.8.4.4'\n            backend: auto\n            banaction: iptables-multiport\n      - name: sshd\n        vars:\n          sshd:\n            enabled: 'true'\n            filter: sshd\n            maxretry: 6\n            port: ssh\n          sshd_ddos:\n            action:\n              - 'shorewall[name=SSH, port=ssh, protocol=tcp]'\n            enabled: 'true'\n            filter: 'sshd-ddos'\n            maxretry: 6\n            port: ssh\n    fail2ban_actions:\n      - name: 'iptables-ipset-proto4'\n        vars:\n          INCLUDES:\n            before: iptables-blocktype.conf\n          Definition:\n            actionstart:\n              - 'ipset --create fail2ban-\u003cname\u003e iphash'\n              - 'iptables -I INPUT -p \u003cprotocol\u003e -m multiport --dports \u003cport\u003e -m set --match-set fail2ban-\u003cname\u003e src -j \u003cblocktype\u003e'\n            actionstop:\n              - 'iptables -D INPUT -p \u003cprotocol\u003e -m multiport --dports \u003cport\u003e -m set --match-set fail2ban-\u003cname\u003e src -j \u003cblocktype\u003e'\n              - 'ipset --flush fail2ban-\u003cname\u003e'\n              - 'ipset --destroy fail2ban-\u003cname\u003e'\n            actionban:\n              - 'ipset --test fail2ban-\u003cname\u003e \u003cip\u003e ||  ipset --add fail2ban-\u003cname\u003e \u003cip\u003e'\n            actionunban:\n              - 'ipset --test fail2ban-\u003cname\u003e \u003cip\u003e \u0026\u0026 ipset --del fail2ban-\u003cname\u003e \u003cip\u003e'\n          Init:\n            name: default\n            port: ssh\n            protocol: tcp\n    fail2ban_filters:\n      download:\n        - name: apache-common-latest\n          url: \"https://raw.githubusercontent.com/fail2ban/fail2ban/0.10/config/filter.d/apache-common.conf\"\n      custom:\n        - name: nginx-noscript\n          vars:\n            Definition:\n              failregex: |\n                  \u003cHOST\u003e.*(GET|POST).*(\\.php|\\.asp|\\.exe|\\.pl|\\.cgi|\\.scgi).*\n        - name: nginx-reqlimit\n          vars:\n            Definition:\n              failregex: |\n                  limiting requests, excess:.* by zone.*client: \u003cHOST\u003e\n          # From https://github.com/fail2ban/fail2ban/blob/0.8/config/filter.d/apache-common.conf\n        - name: apache-common-latest\n          vars:\n            INCLUDES:\n              after: apache-common-latest.local\n            DEFAULT:\n              _apache_error_client: |\n                  \\[[^]]*\\] \\[(:?error|\\S+:\\S+)\\]( \\[pid \\d+(:\\S+ \\d+)?\\])? \\[client \u003cHOST\u003e(:\\d{1,5})?\\]\n          # From https://github.com/fail2ban/fail2ban/blob/0.8/config/filter.d/apache-auth.conf\n        - name: apache-auth-latest\n          vars:\n            INCLUDES:\n              before: apache-common-latest.conf\n            Definition:\n              ignoreregex: ''\n              failregex: |\n                  ^%(_apache_error_client)s (AH01797: )?client denied by server configuration: (uri )?\\S*(, referer: \\S+)?\\s*$\n                              ^%(_apache_error_client)s (AH01617: )?user .*? authentication failure for \"\\S*\": Password Mismatch(, referer: \\S+)?$\n                              ^%(_apache_error_client)s (AH01618: )?user .*? not found(: )?\\S*(, referer: \\S+)?\\s*$\n                              ^%(_apache_error_client)s (AH01614: )?client used wrong authentication scheme: \\S*(, referer: \\S+)?\\s*$\n                              ^%(_apache_error_client)s (AH\\d+: )?Authorization of user \\S+ to access \\S* failed, reason: .*$\n                              ^%(_apache_error_client)s (AH0179[24]: )?(Digest: )?user .*?: password mismatch: \\S*(, referer: \\S+)?\\s*$\n                              ^%(_apache_error_client)s (AH0179[01]: |Digest: )user `.*?' in realm `.+' (not found|denied by provider): \\S*(, referer: \\S+)?\\s*$\n                              ^%(_apache_error_client)s (AH01631: )?user .*?: authorization failure for \"\\S*\":(, referer: \\S+)?\\s*$\n                              ^%(_apache_error_client)s (AH01775: )?(Digest: )?invalid nonce .* received - length is not \\S+(, referer: \\S+)?\\s*$\n                              ^%(_apache_error_client)s (AH01788: )?(Digest: )?realm mismatch - got `.*?' but expected `.+'(, referer: \\S+)?\\s*$\n                              ^%(_apache_error_client)s (AH01789: )?(Digest: )?unknown algorithm `.*?' received: \\S*(, referer: \\S+)?\\s*$\n                              ^%(_apache_error_client)s (AH01793: )?invalid qop `.*?' received: \\S*(, referer: \\S+)?\\s*$\n                              ^%(_apache_error_client)s (AH01777: )?(Digest: )?invalid nonce .*? received - user attempted time travel(, referer: \\S+)?\\s*$\n          # From http://www.fail2ban.org/wiki/index.php/HOWTO_fail2ban_with_OpenVPN\n        - name: openvpn\n          vars:\n            Definition:\n              ignoreregex: ''\n              failregex: |\n                  ^ TLS Error: incoming packet authentication failed from \\[AF_INET\\]\u003cHOST\u003e:\\d+$\n                              ^ \u003cHOST\u003e:\\d+ Connection reset, restarting\n                              ^ \u003cHOST\u003e:\\d+ TLS Auth Error\n                              ^ \u003cHOST\u003e:\\d+ TLS Error: TLS handshake failed$\n                              ^ \u003cHOST\u003e:\\d+ VERIFY ERROR\n```\n\n# License\n\nApache-2.0\n\n# Author Information\n\nAll changes from 2019-05-31 onwards:\n\n```\nProgrammfabrik GmbH,\nSchwedter Str. 9b,\n10119 Berlin\n```\n\nAll changes until 2019-05-30 by:\n\nService and support for orchestrated hosting environments,\ncontinuous integration/deployment/delivery and various Linux\nand open-source technology stacks are available from:\n\n```\nBlunix GmbH - Consulting for Linux Hosting 24/7\nGlogauer Straße 21\n10999 Berlin - Germany\n\nWeb: www.blunix.org\nEmail: service[at]blunix.org\nPhone: (+49) 30 / 12 08 39 90\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprogrammfabrik%2Frole-fail2ban","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprogrammfabrik%2Frole-fail2ban","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprogrammfabrik%2Frole-fail2ban/lists"}