forked from evolix/ansible-roles
fail2ban: add a variable to disable the ssh filter (default: False)
This commit is contained in:
parent
0869fb539a
commit
e939198159
|
@ -17,6 +17,7 @@ The **patch** part changes incrementally at each release.
|
|||
* evocheck: detect installed packages even if "held" by APT (manual fix)
|
||||
* evocheck: the crontab is updated by the role (default: `True`)
|
||||
* evolinux-base: add mail related aliases
|
||||
* fail2ban: add a variable to disable the ssh filter (default: `False`)
|
||||
* generate-ldif: detect installed packages even if "held" by APT
|
||||
* java: support for Oracle JRE
|
||||
* kibana: log messages go to /var/log/kibana/kibana.log
|
||||
|
|
|
@ -13,5 +13,6 @@ Main variables are :
|
|||
* `general_alert_email`: email address to send various alert messages (default: `root@localhost`).
|
||||
* `fail2ban_alert_email`: email address for messages sent to root (default: `general_alert_email`).
|
||||
* `fail2ban_ignore_ips`: list of IPs to ignore (default: empty).
|
||||
* `fail2ban_disable_ssh`: if true, the "sshd" filter is disabled, otherwise nothing is done, not even enabling the filter (default: `False`).
|
||||
|
||||
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
||||
|
|
|
@ -7,3 +7,5 @@ fail2ban_additional_ignore_ips: []
|
|||
|
||||
fail2ban_wordpress: False
|
||||
fail2ban_roundcube: False
|
||||
|
||||
fail2ban_disable_ssh: False
|
||||
|
|
|
@ -28,6 +28,17 @@
|
|||
tags:
|
||||
- fail2ban
|
||||
|
||||
- name: Disable SSH filter
|
||||
ini_file:
|
||||
dest: /etc/fail2ban/jail.local
|
||||
section: sshd
|
||||
option: enabled
|
||||
value: false
|
||||
notify: restart fail2ban
|
||||
when: fail2ban_disable_ssh
|
||||
tags:
|
||||
- fail2ban
|
||||
|
||||
- name: custom filters are installed
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
|
|
Loading…
Reference in a new issue