authorGuilhem Moulin <guilhem@fripost.org>2013-10-30 21:47:29 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:50:30 +0200
commit035ea3c7dbe80c92c59635f710076c586c7394c8 (patch)
tree086b349c59afc2f866efade585f6fb9a511d3316 /roles/common/templates/etc
parentdd6085c28219e6acca0c7ae1c6428b064c65e752 (diff)
Configure fail2ban.
Diffstat (limited to 'roles/common/templates/etc')
-rw-r--r--roles/common/templates/etc/fail2ban/jail.local.j245
1 files changed, 45 insertions, 0 deletions
diff --git a/roles/common/templates/etc/fail2ban/jail.local.j2 b/roles/common/templates/etc/fail2ban/jail.local.j2
new file mode 100644
index 0000000..818ec88
--- /dev/null
+++ b/roles/common/templates/etc/fail2ban/jail.local.j2
@@ -0,0 +1,45 @@
+# {{ ansible_managed }}
+# Do NOT edit this file directly!
+
+[DEFAULT]
+
+# Destination email address used solely for the interpolations in
+# jail.{conf,local} configuration files.
+destemail = admin@fripost.org
+
+action = %(action_)s
+
+#
+# JAILS
+#
+
+[ssh]
+
+enabled = true
+port = {{ ansible_ssh_port|default('22') }}
+filter = sshd
+logpath = /var/log/auth.log
+maxretry = 5
+
+[ssh-ddos]
+
+enabled = true
+port = {{ ansible_ssh_port|default('22') }}
+filter = sshd-ddos
+logpath = /var/log/auth.log
+maxretry = 2
+
+
+# Generic filter for pam. Has to be used with action which bans all ports
+# such as iptables-allports, shorewall
+[pam-generic]
+
+enabled = true
+# pam-generic filter can be customized to monitor specific subset of 'tty's
+filter = pam-generic
+# port actually must be irrelevant but lets leave it all for some possible uses
+port = all
+banaction = iptables-allports
+port = anyport
+logpath = /var/log/auth.log
+maxretry = 6
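Review bot: In `[pam-generic]` the key `port` is assigned twice (`port = all`, then `port = anyport` two lines later), so the effective value depends on how the parser resolves duplicate keys, and a strict configparser would reject the file outright. The comment above the first assignment already says the port is irrelevant with `banaction = iptables-allports`, so keep a single line, for example `port = anyport`, and drop the other. Separately, the template sets no `bantime`, `findtime` or `ignoreip`, so the ban duration and the allow-list come from whatever the distribution's jail.conf ships, which is not visible here. Pinning them in `[DEFAULT]` would make the policy explicit and reduce the chance of the management host being banned by the `ssh` jail.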