Ensure apply dbpurgeage from stretch and buster for fail2ban

2022-07-08 11:26:00 +02:00 · 2022-07-08 11:26:00 +02:00 · e0c95b4c78
parent 53847d9919
commit e0c95b4c78
4 changed files with 33 additions and 2 deletions
--- a/fail2ban/tasks/fix-dbpurgeage.yml
+++ b/fail2ban/tasks/fix-dbpurgeage.yml
@ -0,0 +1,19 @@
+- name: Sqlite needed
+  ansible.builtin.apt:
+    name:
+      - sqlite3
+    state: present
+
+- name: Register bantime from default config from package
+  shell: "grep -R -E 'dbpurgeage[[:blank:]]*=[[:blank:]]*[0-9]+' /etc/fail2ban/fail2ban.conf |awk '{print $3}'|head -n1"
+  register: default_dbpurgeage
+  changed_when: false
+  check_mode: false
+
+- name: Add crontab
+  template:
+    src: fail2ban_dbpurge.j2
+    dest: /etc/cron.daily/fail2ban_dbpurge
+    mode: 0700
+    owner: root
+    group: root
--- a/fail2ban/tasks/main.yml
+++ b/fail2ban/tasks/main.yml
@ -103,4 +103,11 @@
    mode: "0644"
  notify: restart fail2ban
  when:
-    - fail2ban_recidive
+    - fail2ban_recidive
+
+- name: Fix dbpurgeage for stretch and buster
+  include: fix-dbpurgeage.yml
+  when:
+    - ansible_distribution_release == "stretch" or ansible_distribution_release == "buster"
+  tags:
+    - fail2ban
--- a/fail2ban/templates/fail2ban_dbpurge.j2
+++ b/fail2ban/templates/fail2ban_dbpurge.j2
@ -0,0 +1,3 @@
+#!/bin/sh
+# Juin 2022 : #64088
+/usr/bin/sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "DELETE FROM bans WHERE date('now', '-{{  fail2ban_recidive_bantime | default(default_dbpurgeage.stdout) }}') > datetime(timeofban, 'unixepoch'); VACUUM;"
--- a/fail2ban/tests/test.yml
+++ b/fail2ban/tests/test.yml
@ -1,4 +1,6 @@
 ---
- hosts: test-kitchen
+- hosts: all
+  become: yes
+#  gather_facts: no
  roles:
    - role: fail2ban