History

Ludovic Poujol 16bba8b469 Ansible Lint \|Total\|New\|Outstanding\|Fixed\|Trend \|:-:\|:-:\|:-:\|:-:\|:-: \|2614\|6\|2608\|3\|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/311//ansiblelint">Evolix » ansible-roles » unstable #311</a> Details gitea/ansible-roles/pipeline/head This commit looks good Details fail2ban: add variable fail2ban_sshd_port to configure sshd port		2023-07-31 11:50:36 +02:00
..
defaults	fail2ban: add variable fail2ban_sshd_port to configure sshd port	2023-07-31 11:50:36 +02:00
files	fail2ban: add 'Internal login failure' to Dovecot filter	2023-01-23 10:33:10 +01:00
handlers	Use FQCN	2023-03-20 23:33:19 +01:00
meta	Update Galaxy metadata (company, platforms and galaxy_tags)	2021-06-28 15:26:28 +02:00
tasks	Set fail2ban_dbpurgeage_default variable for fail2ban	2023-07-04 15:36:02 +02:00
templates	fail2ban: add variable fail2ban_sshd_port to configure sshd port	2023-07-31 11:50:36 +02:00
tests	change syntax "become: [yes,no]" → "become: [true,false]"	2023-07-03 14:21:22 +02:00
.kitchen.yml	Kitchen: Change base image to evolix/ansible	2017-06-02 08:38:08 -04:00
README.md	apache/nginx/fail2ban: mention ip_whitelist.yml in README.md	2018-11-02 18:18:22 +01:00

fail2ban

Install Fail2ban.

Tasks

Everything is in the tasks/main.yml file.

An ip_whitelist.yml standalone task file is available to update IP adresses whitelist without rolling the whole role.

Main variables are :

general_alert_email: email address to send various alert messages (default: root@localhost).
fail2ban_alert_email: email address for messages sent to root (default: general_alert_email).
fail2ban_default_ignore_ips: default list of IPs to ignore (default: empty).
fail2ban_additional_ignore_ips: additional list of IPs to ignore (default: empty).
fail2ban_disable_ssh: if true, the "sshd" filter is disabled, otherwise nothing is done, not even enabling the filter (default: False).

The full list of variables (with default values) can be found in defaults/main.yml.