robertdebock / ansible-role-fail2ban
Install and configure fail2ban on your system.
Home Page: https://robertdebock.nl/
License: Apache License 2.0
I am trying to add multiple actions in one section of a jail. It is not possible in the role's current form.
Please paste the playbook you are using. (Consider requirements.yml and optionally the command you've invoked.)
---
- role: robertdebock.fail2ban
  become: true
  vars:
    fail2ban_filterd_path: "../fail2ban/filters/"
    fail2ban_jail_configuration:
      - section: syslog-sftp
        option: action
        value: |
          iptables-allports[actname=sshd,name=sshd,protocol=all]
          iptables-allports[actname=sshd-docker,name=sshd-docker,protocol=all,chain=DOCKER]
It will constantly multiply the last line (adding it with each playbook execution):
action = iptables-allports[actname=sshd,name=sshd,protocol=all]
iptables-allports[actname=sshd-docker,name=sshd-docker,protocol=all,chain=DOCKER]
+ iptables-allports[actname=sshd-docker,name=sshd-docker,protocol=all,chain=DOCKER]
(cat /etc/os-release): MacOS on M1
(ansible --version): 2.15.1
(cat /etc/os-release): "Ubuntu 22.04.2 LTS"
IP addresses added to the ignoreips variable are not being ignored by fail2ban. Running fail2ban-client get sshd ignoreip returns nothing.
The ignoreip line belongs in jail.local, not fail2ban.local, as detailed in the jail.conf default configuration.
Is your feature request related to a problem? Please describe.
This role modifies the jail.conf file for customisation. This file gets overwritten with every update.
Describe the solution you'd like
According to fail2ban the recommended approach would be to provide customisations in jail.local or jail.d/customisation.local file. Switching jail.conf to jail.local in main.yml should do the trick.
Describe alternatives you've considered
It might be worth considering putting in a template customisation.local file with sane defaults which the user can switch with their own. This could be done by playbook pathing. The file name could be provided in a variable, that way the user won't have to modify the role.
Additional context
N/A
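The two reports above (ignoreip belonging in jail.local, and customisations in jail.conf being lost on update) both depend on which files fail2ban reads for jails. The following is an added example, not code from the issues or the role: a Python simulation of the documented read order (jail.conf, jail.d/*.conf, jail.local, jail.d/*.local). The file contents are constructed samples, and `jail_read_order`, `effective_jail` and `scenarios` are hypothetical helper names.

```python
import configparser

def jail_read_order(files):
    """Jail files in the order fail2ban documents reading them (later wins)."""
    conf_d = sorted(n for n in files if n.startswith("jail.d/") and n.endswith(".conf"))
    local_d = sorted(n for n in files if n.startswith("jail.d/") and n.endswith(".local"))
    wanted = ["jail.conf", *conf_d, "jail.local", *local_d]
    return [n for n in wanted if n in files]

def effective_jail(files, jail):
    """Merge the jail files in read order; return the options the jail ends up with."""
    cp = configparser.ConfigParser(interpolation=None)
    for name in jail_read_order(files):
        cp.read_string(files[name], source=name)
    return dict(cp[jail]) if cp.has_section(jail) else {}

# Constructed sample contents, not copied from a real host.
PACKAGED = "[DEFAULT]\nignoreip = 127.0.0.1/8\n\n[sshd]\nenabled = false\n"
TRUSTED = "[DEFAULT]\nignoreip = 127.0.0.1/8 192.0.2.10\n"

def scenarios():
    # 1. ignoreip written to fail2ban.local: that file is never read for jails.
    misplaced = {"jail.conf": PACKAGED, "fail2ban.local": TRUSTED}
    # 2. ignoreip written to jail.local, jail enabled in a jail.d drop-in.
    layered = {"jail.conf": PACKAGED, "jail.local": TRUSTED,
               "jail.d/sshd.local": "[sshd]\nenabled = true\n"}
    # 3. Customisation edited into jail.conf, then a package update restores the file.
    edited = {"jail.conf": PACKAGED.replace("127.0.0.1/8", "127.0.0.1/8 192.0.2.10")}
    after_update = {"jail.conf": PACKAGED}
    # 4. The same update with the layered layout: jail.local is left untouched.
    layered_after_update = {**layered, "jail.conf": PACKAGED}
    return {name: effective_jail(files, "sshd")["ignoreip"] for name, files in [
        ("misplaced", misplaced), ("layered", layered), ("edited", edited),
        ("after_update", after_update), ("layered_after_update", layered_after_update)]}

if __name__ == "__main__":
    for name, value in scenarios().items():
        print(f"{name:22} ignoreip = {value}")
```

On a real host, `fail2ban-client get sshd ignoreip` (the command quoted in the report above) shows the value the running jail actually loaded.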
"Provides Postfix for your system"
Shouldn't this be "Provides fail2ban"?
Describe the bug
It seems the role doesn't configure anything. Is it a WIP?
It installs fail2ban and enables the service.
Hi,
Could you please point me in the right direction as to how to configure a jail (ssh for example) using this role?
Thanks!
Hi, when I use my playbook to install your role, the check mode failed on this task; it could be cool to make it work in check mode to be sure of what changes will be made.
TASK [robertdebock.fail2ban : test if fail2ban_jail_configuration is set correctly] *******************************************************************************************************************************************************************************************************************************************
fatal: [192.168.1.X]: FAILED! => {}
MSG:
The conditional check 'item.value | length > 0' failed. The error was: Unexpected templating type error occurred on ({% if item.value | length > 0 %} True {% else %} False {% endif %}): object of type 'bool' has no len()
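The templating error above is what `length` produces when it is applied to a boolean; a YAML scalar such as `true` is loaded as a bool, not a string. The following is an added example, not the role's code: a Python model of that conditional next to a type-aware check for `fail2ban_jail_configuration` items. `naive_check`, `ini_value`, `validate_items` and the sample items are constructed for illustration.

```python
def naive_check(item):
    """Model of the failing conditional `item.value | length > 0`."""
    return len(item["value"]) > 0        # TypeError when value is a bool or int

def ini_value(value):
    """Render a YAML scalar as the text that belongs in the INI file."""
    if isinstance(value, bool):          # test bool first: bool is a subclass of int
        return "true" if value else "false"
    if isinstance(value, (int, float)):
        return str(value)
    if isinstance(value, str):
        return value.strip()
    raise TypeError(f"unsupported type {type(value).__name__}")

def validate_items(items):
    """Return (accepted, errors); accepted holds (section, option, text) tuples."""
    accepted, errors = [], []
    for index, item in enumerate(items):
        missing = [key for key in ("section", "option", "value") if key not in item]
        if missing:
            errors.append(f"item {index}: missing {', '.join(missing)}")
            continue
        try:
            text = ini_value(item["value"])
        except TypeError as exc:
            errors.append(f"item {index}: {exc}")
            continue
        if not text:
            errors.append(f"item {index}: empty value for {item['option']}")
            continue
        accepted.append((item["section"], item["option"], text))
    return accepted, errors

# Constructed sample items in the section/option/value shape shown on this page.
SAMPLE_ITEMS = [
    {"section": "sshd", "option": "enabled", "value": True},   # YAML `true`
    {"section": "sshd", "option": "maxretry", "value": 5},
    {"section": "DEFAULT", "option": "bantime", "value": "1h"},
    {"section": "sshd", "option": "logpath", "value": "  "},
    {"section": "sshd", "option": "port"},
]

if __name__ == "__main__":
    accepted, errors = validate_items(SAMPLE_ITEMS)
    print(accepted, errors, sep="\n")
```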
Add a new step in the playbook to copy filters in filterd folder.
For the moment, if you specify a filter in your jail local conf, it will fail as the filters do not exist.
I will propose a PR for that.
Your examples could be enhanced to allow newer users to get started with your library.
Anyone starting with Ansible is likely to be coming from shell scripts and so their first playbooks are likely to be a long list of tasks that operate steps already defined in their scripts. At some point, as they look for example code they will come across your library, but to use it they need to understand the basics for ansible-galaxy and find a way to merge tasks and roles into a single playbook.
After some hunting around the way to combine tasks and roles turned out to be simple - but you have to find an example. It would be helpful if your notes included such an example. For fail2ban it is as simple as the following task
- name: install fail2ban via a role wrapped as a task
  import_role:
    name: robertdebock.fail2ban