2 files changed, 17 insertions, 9 deletions

diff --git a/attackbox/tasks/handlers.yaml b/attackbox/tasks/handlers.yaml
deleted file mode 100644
index 540554f..0000000
--- a/attackbox/tasks/handlers.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-- name: update grub
-  command: update-grub
-
-- name: restart tor
-  systemd:
-    name: tor
-    state: restarted
-  when: ansible_facts['service_mgr'] == 'systemd'
diff --git a/attackbox/tasks/harden.yaml b/attackbox/tasks/harden.yaml
index ad55699..d45d5e3 100644
--- a/attackbox/tasks/harden.yaml
+++ b/attackbox/tasks/harden.yaml
@@ -57,7 +57,7 @@
       UsePAM yes
       Protocol 2
       Subsystem sftp /usr/libexec/openssh/sftp-server
-      LogLevel quiet
+      LogLevel verbose
       PrintMotd no
       AcceptEnv LANG LC_*
       MaxSessions 5
@@ -89,6 +89,7 @@
     ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
   args:
     creates: /etc/ssh/ssh_host_ed25519_key
+  notify: restart ssh
 
 - name: enable unattended-upgrades
   shell: dpkg-reconfigure --priority=low unattended-upgrades
@@ -119,4 +120,19 @@
     state: enabled
     policy: deny
 
+- name: deploy custom fail2ban jail.local
+  template:
+    src: templates/jail.local.j2
+    dest: /etc/fail2ban/jail.local
+    owner: root
+    group: root
+    mode: '0644'
+  notify:
+    - restart fail2ban
+    - reload fail2ban
 
+- name: enable and start fail2ban
+  systemd:
+    name: fail2ban
+    enabled: true
+    state: started