fail2ban
Install and configure fail2ban on your system.
| GitHub | GitLab | Quality | Downloads | Version |
|---|---|---|---|---|
 |
 |
 |
 |
 |
Example Playbook
This example is taken from molecule/resources/converge.yml and is tested on each push, pull request and release.
---
- name: Converge
hosts: all
become: yes
gather_facts: yes
roles:
- role: robertdebock.fail2banThe machine needs to be prepared in CI this is done using molecule/resources/prepare.yml:
---
- name: Prepare
hosts: all
gather_facts: no
become: yes
roles:
- role: robertdebock.bootstrap
- role: robertdebock.epelAlso see a full explanation and example on how to use these roles.
Role Variables
These variables are set in defaults/main.yml:
---
# defaults file for fail2ban
fail2ban_loglevel: INFO
fail2ban_logtarget: /var/log/fail2ban.log
fail2ban_ignoreself: "true"
fail2ban_ignoreips: "127.0.0.1/8 ::1"
# In seconds
fail2ban_bantime: 600
fail2ban_findtime: 600
fail2ban_maxretry: 5
fail2ban_destemail: root@localhost
fail2ban_sender: root@{{ ansible_fqdn }}
fail2ban_configuration: []
# - option: loglevel
# value: "INFO"
# section: Definition
fail2ban_jail_configuration: []
# - option: ignoreself
# value: "true"
# section: DEFAULTRequirements
- pip packages listed in requirements.txt.
Status of requirements
The following roles are used to prepare a system. You may choose to prepare your system in another way, I have tested these roles as well.
| Requirement | GitHub | GitLab |
|---|---|---|
| robertdebock.bootstrap |  |
 |
| robertdebock.epel |  |
 |
Context
This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.
Here is an overview of related roles:
Compatibility
This role has been tested on these container images:
| container | tags |
|---|---|
| amazon | Candidate |
| el | 7, 8 |
| debian | buster, bullseye |
| fedora | all |
| ubuntu | focal, bionic |
The minimum version of Ansible required is 2.10, tests have been done to:
- The previous version.
- The current version.
- The development version.
Exceptions
Some variarations of the build matrix do not work. These are the variations and reasons why the build won't work:
| variation | reason |
|---|---|
| alpine | Service fail2ban' needs non existent service logger' |
| amazonlinux:1 | Based on EL6, not supported since 2020Q4. |
| opensuse | The package fail2ban depends on python2, we switched to python3. |
If you find issues, please register them in GitHub
License
Apache-2.0
Contributors
I'd like to thank everybody that made contributions to this repository. It motivates me, improves the code and is just fun to collaborate.
Author Information
Please consider sponsoring me.