Diffstat (limited to 'tasks/harden.yaml')
-rw-r--r-- | tasks/harden.yaml | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/tasks/harden.yaml b/tasks/harden.yaml
index dfccce7..125b8d3 100644
--- a/tasks/harden.yaml
+++ b/tasks/harden.yaml
@@ -120,12 +120,34 @@
 - name: update grub
 command: update-grub
+- name: create sshd fail2ban jail
+ copy:
+ src: fail2ban/jail.d/sshd.local
+ dest: "{{ fail2ban_jail_dir }}/sshd.local"
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: copy fail2ban jail configuration
+ copy:
+ src: /etc/fail2ban/jail.conf
+ dest: /etc/fail2ban/jail.local
+ remote_src: true
+ mode: '0644'
+
 - name: allow ssh port and enable ufw
 ufw:
 rule: allow
 port: 22
 proto: tcp
+- name: restart fail2ban
+ systemd:
+ name: fail2ban
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd'
+
 - name: enable ufw
 ufw:
 state: enabled |
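Review bot: The `copy fail2ban jail configuration` task re-copies the packaged `/etc/fail2ban/jail.conf` over `jail.local` whenever the two differ, because `copy` defaults to `force: true`, so any local tuning an operator put in `jail.local` is silently reverted on the next run. Since the sshd jail is already delivered as `{{ fail2ban_jail_dir }}/sshd.local`, this task looks redundant and could be dropped; if it has to stay, give it `force: false` plus `owner: root` and `group: root` like the task above it, and use the same `fail2ban_jail_dir`-style variable instead of the hard-coded `/etc/fail2ban` paths. The `restart fail2ban` task also restarts the service on every play and is skipped on hosts where `ansible_service_mgr` is not `systemd`, so on those hosts the new jail is never loaded. A handler triggered by `notify: restart fail2ban` on the jail task, using the generic `service` module, would restart only when the jail file changes and would cover both cases.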