Commit 57be1825 authored by Michael Klix

initial commit of working copy, not working

parent 96a27887
## Description
A brief description of the role goes here.
This role configures fail2ban.
## Requirements
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
none
### Roles
A list of required roles. Parent roles must not be listed.
tbd: A list of required roles. Parent roles must not be listed.
### Variables
......@@ -19,21 +19,23 @@ Changed variable of parent roles must be listed too.
## Processes
A rough overview of the steps.
tbd: A rough overview of the steps.
### <task list>
1. <step 1>
2. ..
## License
## Features
BSD-3-Clauses
A detailed description of roles features
## Author Information
## License
- Michael Klix <michael.klix@tu-dresden.de>
BSD-3-Clauses
Based on the provided SDM framework of
- Martin Pietsch <martin.pietsch@tu-dresden.de>
## Contributors
Mainly influenced by the implementation/example of
- Nicolas Bigot <https://github.com/nbigot/ansible-fail2ban>
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
- firstname lastname <e-mail-address>
## Literature
- https://fail2ban.org/wiki/index.php/Category:HTTP
- https://fedoraproject.org/wiki/Fail2ban_with_FirewallD
- https://computingforgeeks.com/install-and-use-firewalld-on-ubuntu-18-04-ubuntu-16-04
# defaults file for fail2ban
---
# defaults file for project-template
fail2ban_loglevel: INFO
fail2ban_logtarget: /var/log/fail2ban.log
fail2ban_syslog_target: /var/log/fail2ban.log
fail2ban_syslog_facility: 1
fail2ban_socket: /var/run/fail2ban/fail2ban.sock
fail2ban_pidfile: /var/run/fail2ban/fail2ban.pid
fail2ban_sendername: 'Fail2ban'
fail2ban_ignoreips:
- 127.0.0.1/8
fail2ban_bantime: 600
fail2ban_maxretry: 3
fail2ban_findtime: 600
# tbd fail2ban_backend: auto
# tbd fail2ban_banaction: iptables-multiport
# tbd fail2ban_mta: sendmail
# tbd fail2ban_protocol: tcp
# tbd fail2ban_chain: INPUT
# tbd fail2ban_action: '%(action_)s'
# fail2ban_services:
# - name: sshd
# - name: httpd
# fail2ban_jaild_path: files/jail.d/
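Review bot: `fail2ban_ignoreips` lists only `127.0.0.1/8`, so on a dual-stack host local traffic arriving over the IPv6 loopback is not exempt from bans; consider adding `- '::1'` to the list. The `fail2ban_bantime`, `fail2ban_findtime` and `fail2ban_maxretry` defaults carry no comment on unit or meaning; fail2ban reads a bare integer as seconds, so a line such as `# seconds an address stays banned` above `fail2ban_bantime` would help. `fail2ban_logtarget` and `fail2ban_syslog_target` hold the same path, and it is not visible here which template setting each one feeds, so a short comment on why both exist would avoid confusion.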
---
# handlers file for project-template
# handlers file for fail2ban
---
galaxy_info:
author: your name
description: your role description
company: your company (optional)
author: Michael Klix (michael.klix@tu-dresden.de)
description: This role configures fail2ban.
company: Technische Universität Dresden
role_name: package_security_fail2ban
namespace: sdm
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
license: BSD-3-Clause
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.10
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
platforms:
- name: Linux/systemd
versions:
- all
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
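Review bot: `min_ansible_version: 2.10` is an unquoted scalar that YAML loaders read as the float 2.1, so the two values shown in this section are indistinguishable once parsed; write it as `min_ansible_version: "2.10"`. The section also shows two `license:` lines (`BSD-3-Clause` and the template placeholder). If both remain on the new side the key is duplicated, and most parsers silently keep the last one, which here would be the placeholder. This rendering does not show which line of each pair is the added one, so both points should be checked against the actual file.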
---
- name: Converge
hosts: all
vars:
system_config_directory: "/etc"
tasks:
- name: "Include project-template"
include_role:
name: "project-template"
- name: "configure fail2ban"
sdm.oor.call_role:
name: package.security.fail2ban
tasks: configure
---
dependency:
name: galaxy
enabled: False
enabled: false
driver:
name: podman
platforms:
- name: debian
- name: package_security_fail2ban_debian
registry:
url: gitlab.mn.tu-dresden.de:8000
image: sdmgroup/containers/debian10:latest
......@@ -22,7 +22,7 @@ provisioner:
stdout_callback: sdm.oor.sdmdefault
strategy: sdm.oor.sdmlinear
vars_plugins_enabled: sdm.common.sdm_host_group_vars
deprecation_warnings: False
deprecation_warnings: false
remote_tmp: /tmp
playbooks:
create: create.yml
......
---
# tasks file for project-template
- name: "call inherited configure tasks"
sdm.oor.call_tasks:
from: configure
super: true
- name: "configure fail2ban: update configuration file"
ansible.builtin.template:
src: fail2ban.local.j2
dest: "{{ '{}/fail2ban/fail2ban.local'.format(system_config_directory) }}"
owner: "root"
group: "root"
mode: 0644
notify:
- "restart fail2ban"
- name: "configure fail2ban: update jail file"
ansible.builtin.template:
src: jail.local.j2
dest: "{{ '{}/fail2ban/jail.local'.format(system_config_directory) }}"
owner: "root"
group: "root"
mode: 0644
notify:
- "restart fail2ban"
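Review bot: Both template tasks notify `restart fail2ban`, but the handlers file in this commit holds only a comment, so unless the inherited role supplies that handler, Ansible will fail with a missing-handler error the first time either file changes. If it is not inherited, add a handler named `restart fail2ban` that restarts the service through `ansible.builtin.service`. Separately, `mode: 0644` relies on YAML 1.1 octal parsing; `mode: "0644"` keeps the permission explicit regardless of parser. Neither task checks the rendered file before the restart, so a template error could leave fail2ban stopped and the host without ban enforcement; running fail2ban's configuration test (`fail2ban-client -t`) before the handler fires would catch that.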
# Overrides values from the fail2ban.conf configuration file.
#
# For comments relating to each setting see fail2ban.conf
# source: https://github.com/nbigot/ansible-fail2ban/blob/master/templates/etc/fail2ban/fail2ban.local.j2
[Definition]
......
# source: https://github.com/nbigot/ansible-fail2ban/blob/master/templates/etc/fail2ban/jail.local.j2
\ No newline at end of file
# example-source:
# https://github.com/nbigot/ansible-fail2ban/blob/master/templates/etc/fail2ban/jail.local.j2
......@@ -2,4 +2,4 @@
- hosts: localhost
remote_user: root
roles:
- project-template
- package.security.fail2ban/
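Review bot: The role reference `- package.security.fail2ban/` ends in a slash, while the converge playbook calls the role as `package.security.fail2ban` and the meta file declares `role_name: package_security_fail2ban`. The trailing slash looks like a paste artefact and may stop the role from resolving by name, so use `- package.security.fail2ban` here. The same slash appears in the header comment of the vars file and can be dropped there too.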
---
# vars file for project-template
# vars file for package.security.fail2ban/
package_packages: ["fail2ban"]
package_services: ["fail2ban.service"]