Diffstat (limited to 'attackbox/tasks/harden.yaml')
-rw-r--r-- | attackbox/tasks/harden.yaml | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/attackbox/tasks/harden.yaml b/attackbox/tasks/harden.yaml index ad55699..d45d5e3 100644 --- a/attackbox/tasks/harden.yaml +++ b/attackbox/tasks/harden.yaml @@ -57,7 +57,7 @@ UsePAM yes Protocol 2 Subsystem sftp /usr/libexec/openssh/sftp-server - LogLevel quiet + LogLevel verbose PrintMotd no AcceptEnv LANG LC_* MaxSessions 5 @@ -89,6 +89,7 @@ ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N "" args: creates: /etc/ssh/ssh_host_ed25519_key + notify: restart ssh - name: enable unattended-upgrades shell: dpkg-reconfigure --priority=low unattended-upgrades @@ -119,4 +120,19 @@ state: enabled policy: deny +- name: deploy custom fail2ban jail.local + template: + src: templates/jail.local.j2 + dest: /etc/fail2ban/jail.local + owner: root + group: root + mode: '0644' + notify: + - restart fail2ban + - reload fail2ban +- name: enable and start fail2ban + systemd: + name: fail2ban + enabled: true + state: started |
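Review bot: The `LogLevel verbose` line sits inside an sshd_config body whose enclosing task starts outside this hunk, so it is not visible whether that task validates the file before installing it. If the file is written with copy, template or blockinfile, adding `validate: 'sshd -t -f %s'` would keep a malformed config from being picked up by the `restart ssh` handler that the next hunk starts notifying. It is also worth confirming that the task writing this config notifies `restart ssh` itself, otherwise the new log level only takes effect after an unrelated restart.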
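Review bot: The added `notify: restart ssh` fires only when this task reports a change, and that is decided by `creates: /etc/ssh/ssh_host_ed25519_key`, while the visible command line writes `/etc/ssh/ssh_host_rsa_key`. The shell body starts outside the hunk, so it may generate several keys; if it does, a host that already has the ed25519 key but lacks the RSA one is skipped and sshd is never restarted with a complete key set. One task per key type, each with its own `creates:` path, would make the guard and the handler line up. Also confirm that a handler named exactly `restart ssh` is defined, since notifying a missing handler fails the play.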
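Review bot: The `notify:` list on the jail.local task names both `restart fail2ban` and `reload fail2ban`, so every template change runs two handlers against the same service; one is enough, for example `notify: reload fail2ban`. `src: templates/jail.local.j2` appears to rely on lookup from the role root, whereas the usual form inside a role is `src: jail.local.j2`. No task installing the fail2ban package is visible in this hunk; if it is not installed earlier in the file, both the template's destination directory and the `systemd` task will fail on a fresh host. A short comment above the jail task saying which jails the template enables (presumably sshd, given the `LogLevel` change) would help the next reader.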