Diffstat (limited to 'tasks')
-rw-r--r--tasks/harden.yaml22
1 files changed, 22 insertions, 0 deletions
diff --git a/tasks/harden.yaml b/tasks/harden.yaml
index dfccce7..125b8d3 100644
--- a/tasks/harden.yaml
+++ b/tasks/harden.yaml
@@ -120,12 +120,34 @@
- name: update grub
command: update-grub
+- name: create sshd fail2ban jail
+ copy:
+ src: fail2ban/jail.d/sshd.local
+ dest: "{{ fail2ban_jail_dir }}/sshd.local"
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: copy fail2ban jail configuration
+ copy:
+ src: /etc/fail2ban/jail.conf
+ dest: /etc/fail2ban/jail.local
+ remote_src: true
+ mode: '0644'
+
- name: allow ssh port and enable ufw
ufw:
rule: allow
port: 22
proto: tcp
+- name: restart fail2ban
+ systemd:
+ name: fail2ban
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd'
+
- name: enable ufw
ufw:
state: enabled
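Review bot: The `copy fail2ban jail configuration` task rewrites /etc/fail2ban/jail.local from the packaged jail.conf on every run where the two differ, so any overrides an administrator keeps in jail.local (ignoreip, bantime and the like) are silently replaced by distribution defaults; it also sets no owner or group, unlike the sshd.local task above it. Adding `force: false`, `owner: root` and `group: root` to that task would create the file only when it is absent and pin its ownership. Since the jail itself is delivered through `{{ fail2ban_jail_dir }}/sshd.local`, it is worth confirming that the full copy is needed at all. The `restart fail2ban` task also runs unconditionally on every play and is skipped on non-systemd hosts, where the new jail would presumably not be loaded until a manual restart; a handler notified by the two copy tasks would restart only when the configuration changes.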