authorheqnx <root@heqnx.com>2025-06-23 10:24:15 +0300
committerheqnx <root@heqnx.com>2025-06-23 10:24:15 +0300
commit5832dc592761147a607a3ba35af8715c9adb0527 (patch)
treefbdcd9459b5f33d6f345ddf80d6f74c19bc8426d /tasks
parent049669e1cbb4a900fd4ac5c5ce506218c51da507 (diff)
added sshd fail2ban
Diffstat (limited to 'tasks')
-rw-r--r--tasks/harden.yaml22
1 files changed, 22 insertions, 0 deletions
diff --git a/tasks/harden.yaml b/tasks/harden.yaml
index dfccce7..125b8d3 100644
--- a/tasks/harden.yaml
+++ b/tasks/harden.yaml
@@ -120,12 +120,34 @@
- name: update grub
command: update-grub
+- name: create sshd fail2ban jail
+ copy:
+ src: fail2ban/jail.d/sshd.local
+ dest: "{{ fail2ban_jail_dir }}/sshd.local"
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: copy fail2ban jail configuration
+ copy:
+ src: /etc/fail2ban/jail.conf
+ dest: /etc/fail2ban/jail.local
+ remote_src: true
+ mode: '0644'
+
- name: allow ssh port and enable ufw
ufw:
rule: allow
port: 22
proto: tcp
+- name: restart fail2ban
+ systemd:
+ name: fail2ban
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd'
+
- name: enable ufw
ufw:
state: enabled
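Review bot: The `copy fail2ban jail configuration` task clones all of `/etc/fail2ban/jail.conf` into `jail.local`, and because `copy` replaces a differing destination by default, any run can discard tuning an operator made in `jail.local` while adding no setting that `jail.conf` does not already provide. The jail written to `{{ fail2ban_jail_dir }}/sshd.local` by the preceding task should be sufficient on its own, assuming that variable points at `jail.d`; I would drop the second task, or at least add `force: false` and the `owner: root` / `group: root` that the first task sets. The `restart fail2ban` task also restarts the service on every play and sits between the two ufw tasks; a handler triggered with `notify: restart fail2ban` on the copy tasks would restart only when the configuration changed. Nothing in the hunk confirms that the sshd jail is loaded after the restart, so a follow-up `command: fail2ban-client status sshd` with `changed_when: false` would fail the play if the jail did not come up (the contents of `sshd.local` are not visible here, so its log backend cannot be checked from this diff).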