diff options
| author | clarkzjw <[email protected]> | 2023-02-08 00:40:09 -0800 |
|---|---|---|
| committer | clarkzjw <[email protected]> | 2023-02-08 00:40:09 -0800 |
| commit | 1204730924436ef9e1c7c49c9557837f9a5ed0e8 (patch) | |
| tree | 129d79dfd11245751cee6d4082ff5d2f6e941610 /ansible/roles/fail2ban/tasks/main.yml | |
| parent | 9635ac4dedf69de5bff65785bcc16bef80b52d75 (diff) | |
| download | mail-master.tar.gz | |
Diffstat (limited to 'ansible/roles/fail2ban/tasks/main.yml')
| -rw-r--r-- | ansible/roles/fail2ban/tasks/main.yml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/ansible/roles/fail2ban/tasks/main.yml b/ansible/roles/fail2ban/tasks/main.yml new file mode 100644 index 0000000..6d8e237 --- /dev/null +++ b/ansible/roles/fail2ban/tasks/main.yml | |||
| @@ -0,0 +1,28 @@ | |||
| 1 | --- | ||
| 2 | # dovecot is configured to respect the fail2ban deny decisions | ||
| 3 | # A failed login is recorded as: | ||
| 4 | # dovecot[<pid>]: imap-login: access(tcpwrap): Client refused (rip=<ip>) | ||
| 5 | - name: install fail2ban | ||
| 6 | apt: | ||
| 7 | name: fail2ban | ||
| 8 | state: latest | ||
| 9 | install_recommends: false | ||
| 10 | |||
| 11 | - name: copy fail2ban config | ||
| 12 | copy: | ||
| 13 | src: fail2ban/ | ||
| 14 | dest: /etc/fail2ban/ | ||
| 15 | mode: preserve | ||
| 16 | notify: | ||
| 17 | - restart fail2ban | ||
| 18 | |||
| 19 | |||
| 20 | # verify everything is running | ||
| 21 | - name: verify services are running in dependency order | ||
| 22 | service: | ||
| 23 | name: "{{ item }}" | ||
| 24 | enabled: yes | ||
| 25 | state: started | ||
| 26 | loop: | ||
| 27 | - fail2ban | ||
| 28 | |||