Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/boutetnico/ansible-role-fail2ban
Install and configure Fail2ban with Ansible.
https://github.com/boutetnico/ansible-role-fail2ban
ansible debian fail2ban firewall security ubuntu
Last synced: about 1 month ago
JSON representation
Install and configure Fail2ban with Ansible.
- Host: GitHub
- URL: https://github.com/boutetnico/ansible-role-fail2ban
- Owner: boutetnico
- License: mit
- Created: 2021-07-11T15:47:24.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2024-08-02T07:33:25.000Z (6 months ago)
- Last Synced: 2024-11-07T13:29:45.665Z (3 months ago)
- Topics: ansible, debian, fail2ban, firewall, security, ubuntu
- Language: Jinja
- Homepage:
- Size: 18.6 KB
- Stars: 0
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: Readme.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://github.com/boutetnico/ansible-role-fail2ban/actions?query=workflow%3A%22Test+ansible+role%22)
[](https://galaxy.ansible.com/boutetnico/fail2ban)
ansible-role-fail2ban
=====================
This role install and configures [Fail2ban](https://www.fail2ban.org/wiki/index.php/MANUAL_0_8).
Requirements
------------
Ansible 2.10 or newer.
Supported Platforms
-------------------
- [Debian - 11 (Bullseye)](https://wiki.debian.org/DebianBullseye)
- [Debian - 12 (Bookworm)](https://wiki.debian.org/DebianBookworm)
- [Ubuntu - 22.04 (Jammy Jellyfish)](http://releases.ubuntu.com/22.04/)
- [Ubuntu - 24.04 (Noble Numbat)](http://releases.ubuntu.com/24.04/)
Role Variables
--------------
| Variable | Required | Default | Choices | Comments |
|-------------------------|----------|-----------------------|-----------|------------------------------------------------|
| fail2ban_dependencies | yes | `[fail2ban]` | list | |
| fail2ban_configuration | yes | `{}` | dict | Local main configuration. |
| fail2ban_jails | yes | `{}` | dict | Local jail configuration. |
| fail2ban_filters | yes | `{}` | dict | Custom filters configuration. |
| fail2ban_actions | yes | `{}` | dict | Custom actions configuration. |
Dependencies
------------
None
Example Playbook
----------------
- hosts: all
roles:
- role: ansible-role-fail2ban
fail2ban_configuration:
Definition:
loglevel: WARNING
fail2ban_jails:
DEFAULT:
ignoreip: 127.0.0.1/8
nginx-badbots:
enabled: 'true'
action: nginx-deny-host[name = nginx-http-auth, port = http, protocol = tcp]
port: http
filter: nginx-badbots
logpath: /var/log/nginx_error.log
maxretry: 5
findtime: 600
fail2ban_filters:
nginx-badbots:
Definition:
_daemon: nginx-badbots
failregex: |
^ \[error\] \d+#\d+: .* access forbidden by rule, client: , .*$
FastCGI sent in stderr: "Primary script unknown" .*, client:
ignoreregex: ''
fail2ban_actions:
nginx-deny-host:
Definition:
actionban: |
sed -i "/deny ;/d"
echo "deny ;" >>
systemctl reload nginx
actionunban: |
sed -i "/deny ;/d"
systemctl reload nginx
Init:
file: /etc/nginx/hosts.deny
Testing
-------
molecule test
License
-------
MIT
Author Information
------------------
[@boutetnico](https://github.com/boutetnico)