1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
--- # tasks file for fail2ban - name: include assert.yml include_tasks: assert.yml run_once: yes - name: install fail2ban package: name: "{{ fail2ban_packages }}" state: present - name: configure fail2ban.conf ini_file: path: /etc/fail2ban/fail2ban.conf section: "{{ item.section }}" option: "{{ item.option }}" value: "{{ item.value }}" mode: "0640" loop: "{{ fail2ban_base_configuration + fail2ban_configuration }}" notify: - restart fail2ban loop_control: label: "{{ item.option }}" - name: configure jail.local ini_file: path: /etc/fail2ban/jail.local section: "{{ item.section }}" option: "{{ item.option }}" value: "{{ item.value }}" mode: "0640" loop: "{{ fail2ban_base_jail_configuration + fail2ban_jail_configuration }}" notify: - restart fail2ban loop_control: label: "{{ item.option }}" - name: stat auth log file stat: path: /var/log/auth.log register: fail2ban_auth - name: touch auth log file file: path: /var/log/auth.log state: touch mode: "0640" when: - fail2ban_auth.stat.exists is defined - not fail2ban_auth.stat.exists - name: start and enable fail2ban service: name: "{{ fail2ban_service }}" state: started enabled: yes