Created
March 4, 2013 03:34
Install and configure fail2ban for ssh and Apache protection on Ubuntu
---
# Install and configure fail2ban for ssh and Apache protection

# Refresh the apt package index, then make sure the fail2ban package is
# installed.
- name: Install fail2ban
  apt:
    pkg: fail2ban
    state: present
    update_cache: true
# Seed jail.local from the packaged jail.conf on the first run only: `creates`
# skips the copy once jail.local exists, so later runs never overwrite local
# edits.
# Because this is a full copy, every default from jail.conf is pinned in
# jail.local and overrides whatever a later package update puts in jail.conf;
# compare the two files after upgrading fail2ban.
# The "restart fail2ban" handler is not defined in this file and has to be
# supplied by the enclosing play or role.
- name: Create local fail2ban config
  command: cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  args:
    creates: /etc/fail2ban/jail.local
  notify: restart fail2ban
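# Set the ban duration to 3600 seconds in jail.local.
# Use lineinfile because ConfigParser rejects section=default.
# NOTE(review): lineinfile is not section-aware and rewrites the last line that
# matches `regexp`; confirm jail.local has no per-jail bantime override below
# [DEFAULT], otherwise that override is the line that gets replaced.
- name: Set fail2ban bantime to 1 hour
  lineinfile:
    dest: /etc/fail2ban/jail.local
    # Tolerate any spacing around "=". With an exact-one-space pattern, a line
    # written as "bantime  = 600" would not match and the new line would be
    # appended at the end of the file, inside whichever jail section is last.
    regexp: '^bantime\s*='
    # Fallback position when no bantime line exists: directly under [DEFAULT].
    insertafter: '^\[DEFAULT\]'
    state: present
    line: 'bantime = 3600'
  # Like the other tasks that edit jail.local, restart the service; without
  # this a changed ban time stays inactive until some other task restarts it.
  notify: restart fail2ban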
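# Point fail2ban's notification mail at the address in `fail2ban_destemail`.
# Use lineinfile because ConfigParser rejects section=default.
- name: Set fail2ban destemail
  lineinfile:
    dest: /etc/fail2ban/jail.local
    # Tolerate any spacing around "=" so the existing line is replaced rather
    # than a second destemail line being appended at the end of the file.
    regexp: '^destemail\s*='
    # Fallback position when no destemail line exists: directly under [DEFAULT].
    insertafter: '^\[DEFAULT\]'
    state: present
    # Native YAML arguments with a Jinja expression replace the legacy
    # key=value string and `$var` form, so the address is passed as one value
    # and is not re-parsed as module arguments.
    line: 'destemail = {{ fail2ban_destemail }}'
  # `when_string` and `$var` are legacy spellings; `when:` takes a bare Jinja
  # expression. default('') also skips the task when the variable is undefined
  # instead of writing an unexpanded placeholder into jail.local.
  when: fail2ban_destemail | default('') != ''
  notify: restart fail2ban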
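# Turn on the listed jails by setting `enabled = true` in the section of
# jail.local named after each item.
# NOTE(review): each item must match a section name that already exists in the
# target's jail.local. ini_file adds a missing section, which would leave a
# jail holding nothing but `enabled = true`. Jail names differ between
# fail2ban releases; check them against the installed jail.conf.
- name: Enable fail2ban filters
  ini_file:
    dest: /etc/fail2ban/jail.local
    # `{{ item }}` replaces the legacy `$item` form; quoted because a value
    # that starts with "{" would otherwise be read as a YAML flow mapping.
    section: '{{ item }}'
    option: enabled
    # Quoted so the literal string "true" is written, not a YAML boolean.
    value: 'true'
  with_items:
    - ssh
    - ssh-ddos
    - pam-generic
    - apache
    - apache-noscript
    - apache-overflows
  notify: restart fail2ban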