From 5832dc592761147a607a3ba35af8715c9adb0527 Mon Sep 17 00:00:00 2001
From: heqnx
Date: Mon, 23 Jun 2025 10:24:15 +0300
Subject: added sshd fail2ban
---
 tasks/harden.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
(limited to 'tasks')
diff --git a/tasks/harden.yaml b/tasks/harden.yaml
index dfccce7..125b8d3 100644
--- a/tasks/harden.yaml
+++ b/tasks/harden.yaml
@@ -120,12 +120,34 @@
 - name: update grub
 command: update-grub

+- name: create sshd fail2ban jail
+ copy:
+ src: fail2ban/jail.d/sshd.local
+ dest: "{{ fail2ban_jail_dir }}/sshd.local"
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: copy fail2ban jail configuration
+ copy:
+ src: /etc/fail2ban/jail.conf
+ dest: /etc/fail2ban/jail.local
+ remote_src: true
+ mode: '0644'
+
 - name: allow ssh port and enable ufw
 ufw:
 rule: allow
 port: 22
 proto: tcp

+- name: restart fail2ban
+ systemd:
+ name: fail2ban
+ state: restarted
+ enabled: true
+ when: ansible_service_mgr == 'systemd'
+
 - name: enable ufw
 ufw:
 state: enabled
--
cgit v1.2.3
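Review bot: The second added task copies the stock `/etc/fail2ban/jail.conf` to `/etc/fail2ban/jail.local` verbatim, which adds no override of its own. fail2ban reads `jail.local` after `jail.d/*.conf`, so the copy can re-assert the shipped `[DEFAULT]` values over any distribution drop-in, and because `copy` overwrites by default it will replace an admin-edited `jail.local` whenever the two files differ. The `jail.d/sshd.local` drop-in from the first task is read last and should be enough on its own; I would drop the task, or at minimum add `force: false` and `owner: root` / `group: root` to match the first task. Separately, `restart fail2ban` is a plain task with `state: restarted`, so it restarts the service on every run and only on systemd hosts; a handler notified by the jail task would restart only when the jail file changes. The page has lost the YAML indentation, so confirm that `when:` sits at task level rather than under `systemd:`.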