Skip to content

pimvh/fail2ban

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

133 Commits
.github/workflows
.github/workflows
 
 
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
molecule/default
molecule/default
 
 
tasks
tasks
 
 
templates
templates
 
 
.ansible-lint
.ansible-lint
 
 
.gitignore
.gitignore
 
 
.yamllint
.yamllint
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
deploy_requirements.txt
deploy_requirements.txt
 
 
requirements.yml
requirements.yml
 
 
test_requirements.txt
test_requirements.txt
 
 

Repository files navigation

Molecule test

Requirements

  1. Ansible installed:
sudo apt install python3
python3 -m ensurepip --upgrade
pip3 install ansible

Required variables

Set the variables as shown in defaults.

Currently available fail2ban_jails are:

  • sshd
  • nginx
  • postfix

Example playbook

hosts:
  - foo
roles:
  - ansible-fail2ban

TLDR - What will happen if I run this

  • install fai2ban
  • move template of fail2ban configs to host (based on jail params)
  • reload fail2ban config

Note: this configures fail2ban to add to nftables (not iptables)

Future Improvements

  • Allow non authorative zones and key directives
  • Improve sane defaults of variables (see defaults defined in defaults/main.yaml)
  • Allow TTL to be passed in records
  • Add automated KSK rollover to dnssecpls script
  • Allow duplicates of dnssecpls script with different variables from ZSK rollover etc as specified in nsd_zone_attributes
  • Only update serial when required, instead of when running role

About

Ansible role to install fail2ban

Topics

ansible role hardening fail2ban molecule-tested

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages