Fail2ban
=========
An ansible role for installing fail2ban with basic configuration options

Role Variables
--------------
`packages: [fail2ban]`
* A list of packages to install on the server

`ssh_port: 22`
* The port where SSH is running on the remote server

`relay_host: "[sub.domain.com]:777"`
`sender_email: "senderemail@domain.com"`
* The relay to route mail through, and a corresponding email to send as

`email: "email@domain.com"`
* The email address to send alerts to when an IP is banned or jailed

`nginx_botsearch: "true"`
`nginx_http_auth: "true"`
`nginx_nobinary: "true"`
`nginx_nohome: "true"`
`nginx_noproxy: "true"`
`nginx_wplogin: "true"`
`nginx_noscan: "true"`
`nginx_noenv: "true"`
`nginx_noscript: "true"`
`sshd: "true"`
`sshd_badproto: "true"`
* Each of these variables corresponds to an existing fail2ban filter, with a
  bool to enable or disable it.

Dependencies
------------
Requires that postfix is configured to send email alerts
on behalf of the `sender_email` address.

Example Playbook
----------------
First, make sure all settings within `defaults/main.yml` are correct for your
server. All settings and their purposes are outlined in the section above.

Create a new ansible play. You can name it whatever you want, but this
example play will simply be named `fail2ban.yml`.

```yml
---
- hosts: testserver
  become: yes
  roles:
    - fail2ban
```

Make sure the IP for `testserver` is correct in the `/etc/ansible/hosts` file -
```
[testserver]
123.123.123.123:22
```
Run the play!
```bash
ansible-playbook fail2ban.yml
```
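
To confirm the play left the intended jails running, the following added example (not part of this role) parses `fail2ban-client status` output and reports any expected jail that is not active. The jail names are assumptions derived from the role variable names with `_` replaced by `-`, and the sample output is constructed.

```bash
#!/bin/sh
# Added example, not part of the role: post-deploy check that jails are active.
# Assumption: jail names follow the role variable names with "_" -> "-".

# parse_jails: read `fail2ban-client status` output on stdin and print one
# active jail name per line, taken from the "Jail list:" line.
parse_jails() {
    sed -n 's/^.*Jail list:[[:space:]]*//p' \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | sed '/^$/d'
}

# missing_jails: arguments are the jail names expected to be active; stdin is
# the status output. Prints each expected jail that is absent and returns 1
# if at least one is missing, 0 otherwise.
missing_jails() {
    active=$(parse_jails)
    rc=0
    for jail in "$@"; do
        if ! printf '%s\n' "$active" | grep -qxF -- "$jail"; then
            printf '%s\n' "$jail"
            rc=1
        fi
    done
    return "$rc"
}

# sample_status: constructed sample of `fail2ban-client status` output in
# which only two jails are running.
sample_status() {
    printf 'Status\n|- Number of jail:\t2\n`- Jail list:\tnginx-http-auth, sshd\n'
}

# Demo on the constructed sample: nginx-botsearch is reported as missing.
sample_status | missing_jails sshd nginx-http-auth nginx-botsearch \
    || echo "WARNING: the jails listed above are not active"

# On the managed host (as root), pipe the live output instead:
#   fail2ban-client status | missing_jails sshd nginx-http-auth
```
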
License
-------
BSD

Author Information
------------------
Contact: shaunrd0@gmail.com | URL: www.shaunreed.com | GitHub: shaunrd0