Ludovic Poujol
1e19418fb0
continuous-integration/drone/push Build is passing
Details
* Give the possibility to override jail.local (with fail2ban_override_jaillocal) * If jail.local was overriden, add a warning * Allow to tune some jail settings (maxretry, bantime, findtime) with ansible * Allow to tune the default action with ansible * Change default action to ban only (instead of ban + mail with whois report) * Configure recidive jail (off by default) + extend dbpurgeage |
||
---|---|---|
.. | ||
defaults | ||
files | ||
handlers | ||
meta | ||
tasks | ||
templates | ||
tests | ||
.kitchen.yml | ||
README.md |
README.md
fail2ban
Install Fail2ban.
Tasks
Everything is in the tasks/main.yml
file.
An ip_whitelist.yml
standalone task file is available to update IP adresses whitelist without rolling the whole role.
Available variables
Main variables are :
general_alert_email
: email address to send various alert messages (default:root@localhost
).fail2ban_alert_email
: email address for messages sent to root (default:general_alert_email
).fail2ban_default_ignore_ips
: default list of IPs to ignore (default: empty).fail2ban_additional_ignore_ips
: additional list of IPs to ignore (default: empty).fail2ban_disable_ssh
: if true, the "sshd" filter is disabled, otherwise nothing is done, not even enabling the filter (default:False
).
The full list of variables (with default values) can be found in defaults/main.yml
.