authorheqnx <root@heqnx.com>2025-05-24 16:06:06 +0300
committerheqnx <root@heqnx.com>2025-05-24 16:06:06 +0300
commit2ccb5034924a75aac483f1060ae5d0d1a0293569 (patch)
treeac19c69e34b0fbb56b5f1f9abc9696f8537c199c /attackbox/tasks/harden.yaml
parent007be4c334fdd072ff5c058f68c7b373c3ddf7b7 (diff)
added fail2ban, sshd verbose logging, more handlers
Diffstat (limited to 'attackbox/tasks/harden.yaml')
-rw-r--r--attackbox/tasks/harden.yaml18
1 files changed, 17 insertions, 1 deletions
diff --git a/attackbox/tasks/harden.yaml b/attackbox/tasks/harden.yaml
index ad55699..d45d5e3 100644
--- a/attackbox/tasks/harden.yaml
+++ b/attackbox/tasks/harden.yaml
@@ -57,7 +57,7 @@
UsePAM yes
Protocol 2
Subsystem sftp /usr/libexec/openssh/sftp-server
- LogLevel quiet
+ LogLevel verbose
PrintMotd no
AcceptEnv LANG LC_*
MaxSessions 5
@@ -89,6 +89,7 @@
ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
args:
creates: /etc/ssh/ssh_host_ed25519_key
+ notify: restart ssh
- name: enable unattended-upgrades
shell: dpkg-reconfigure --priority=low unattended-upgrades
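Review bot: The new `notify: restart ssh` fires only when this shell task reports changed, and the task is skipped whenever `/etc/ssh/ssh_host_ed25519_key` exists, because `creates:` names only that one file even though the last visible command writes `/etc/ssh/ssh_host_rsa_key`. A host that has the ed25519 key but is missing the RSA key would therefore neither regenerate the key nor restart sshd; if that is intended, a comment above the task such as `# creates guards on the ed25519 key only; the whole host key set is regenerated together` would record it. The task begins outside this hunk, so whether it removes old keys first cannot be seen here. The `restart ssh` handler is also defined outside this file, so its name has to match this string exactly.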
@@ -119,4 +120,19 @@
state: enabled
policy: deny
+- name: deploy custom fail2ban jail.local
+ template:
+ src: templates/jail.local.j2
+ dest: /etc/fail2ban/jail.local
+ owner: root
+ group: root
+ mode: '0644'
+ notify:
+ - restart fail2ban
+ - reload fail2ban
+- name: enable and start fail2ban
+ systemd:
+ name: fail2ban
+ enabled: true
+ state: started
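Review bot: The `notify` list on `deploy custom fail2ban jail.local` queues both `restart fail2ban` and `reload fail2ban`, so a single template change cycles the service twice when handlers run; a restart already re-reads `jail.local`, so `notify: restart fail2ban` alone (or only the reload handler) is enough. No task in this hunk installs the fail2ban package, so unless that happens earlier in the file the template write to `/etc/fail2ban/jail.local` would likely fail on a fresh host because the directory does not exist yet. Both handlers are defined outside this file and are not visible here, so their names need to match these strings exactly.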