added again ansible-role-security

2024-01-25 14:48:21 +01:00
parent 6dcf62acd7
commit eee0e16ae8
19 changed files with 460 additions and 0 deletions
--- a/roles/ansible-role-security/tasks/fail2ban.yml
+++ b/roles/ansible-role-security/tasks/fail2ban.yml
@@ -0,0 +1,29 @@
+---
+- name: Install fail2ban (RedHat).
+  package:
+    name: fail2ban
+    state: present
+    enablerepo: epel
+  when: ansible_os_family == 'RedHat'
+
+- name: Install fail2ban (Debian).
+  package:
+    name: fail2ban
+    state: present
+  when: ansible_os_family == 'Debian'
+
+- name: Copy fail2ban custom configuration file into place.
+  template:
+    src: "{{ security_fail2ban_custom_configuration_template }}"
+    dest: /etc/fail2ban/jail.local
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - reload fail2ban
+
+- name: Ensure fail2ban is running and enabled on boot.
+  service:
+    name: fail2ban
+    state: started
+    enabled: true