Ensure apply dbpurgeage from stretch and buster for fail2ban
parent
53847d9919
commit
e0c95b4c78
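--- a/fail2ban/tasks/fix-dbpurgeage.yml
+++ b/fail2ban/tasks/fix-dbpurgeage.yml
@@ -0,0 +1,19 @@
+- name: Sqlite needed
+ansible.builtin.apt:
+name:
+- sqlite3
+state: present
+
+- name: Register bantime from default config from package
+shell: "grep -R -E 'dbpurgeage[[:blank:]]*=[[:blank:]]*[0-9]+' /etc/fail2ban/fail2ban.conf |awk '{print $3}'|head -n1"
+register: default_dbpurgeage
+changed_when: false
+check_mode: false
+
+- name: Add crontab
+template:
+src: fail2ban_dbpurge.j2
+dest: /etc/cron.daily/fail2ban_dbpurge
+mode: 0700
+owner: root
+group: root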
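Review bot: The `shell` task that registers `default_dbpurgeage` cannot report a failed lookup: the pipeline's exit status is that of `head`, so a missing or commented-out `dbpurgeage` line gives rc 0 with empty stdout, and the cron template then renders an empty interval. It also reads only `/etc/fail2ban/fail2ban.conf`, so a value overridden in a `.local` file would not be seen (whether the role writes one is not visible here). Consider adding `failed_when: fail2ban_recidive_bantime is not defined and default_dbpurgeage.stdout | length == 0`. The task name says "bantime" although it registers the purge age, and the cron file mode would be safer quoted as `mode: "0700"`, matching the `"0644"` used elsewhere in the role.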
@ -103,4 +103,11 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify: restart fail2ban
|
notify: restart fail2ban
|
||||||
when:
|
when:
|
||||||
- fail2ban_recidive
|
- fail2ban_recidive
|
||||||
|
|
||||||
|
- name: Fix dbpurgeage for stretch and buster
|
||||||
|
include: fix-dbpurgeage.yml
|
||||||
|
when:
|
||||||
|
- ansible_distribution_release == "stretch" or ansible_distribution_release == "buster"
|
||||||
|
tags:
|
||||||
|
- fail2ban
|
||||||
|
|
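Review bot: The task added at the end of this hunk uses the bare `include:` action, which is deprecated in current Ansible releases and is not fully qualified, unlike the `ansible.builtin.apt` call in the file it pulls in. `ansible.builtin.import_tasks: fix-dbpurgeage.yml` would keep both the `when` condition and the `fail2ban` tag applied to each imported task, whereas with `include_tasks` the tag would cover only the include itself. The condition also reads more simply as `- ansible_distribution_release in ['stretch', 'buster']`. The path of the file this hunk patches is not shown on the page.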
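--- a/fail2ban/templates/fail2ban_dbpurge.j2
+++ b/fail2ban/templates/fail2ban_dbpurge.j2
@@ -0,0 +1,3 @@
+#!/bin/sh
+# Juin 2022 : #64088
+/usr/bin/sqlite3 /var/lib/fail2ban/fail2ban.sqlite3 "DELETE FROM bans WHERE date('now', '-{{ fail2ban_recidive_bantime | default(default_dbpurgeage.stdout) }}') > datetime(timeofban, 'unixepoch'); VACUUM;"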
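Review bot: The interval rendered into `date('now', '-…')` on the sqlite3 line has no unit, so a value taken from fail2ban.conf such as `86400` or `1d` becomes `-86400` or `-1d`, which SQLite does not appear to accept as a date modifier. In that case `date()` returns NULL, the comparison is never true, and the DELETE silently removes nothing while the cron job still exits cleanly. The value is also placed unescaped inside a double-quoted shell string and an SQL statement, so it should be normalised to an integer number of seconds before templating and compared numerically, e.g. `DELETE FROM bans WHERE timeofban < strftime('%s', 'now', '-{{ purge_seconds }} seconds');`, where `purge_seconds` is a placeholder name for the validated value. Note that when `fail2ban_recidive_bantime` is set, it is the recidive ban time rather than `dbpurgeage` that decides how long ban records are kept, which is worth a comment in the script.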
@ -1,4 +1,6 @@
|
||||||
---
|
---
|
||||||
- hosts: test-kitchen
|
- hosts: all
|
||||||
|
become: yes
|
||||||
|
# gather_facts: no
|
||||||
roles:
|
roles:
|
||||||
- role: fail2ban
|
- role: fail2ban
|
||||||
|
|