summaryrefslogtreecommitdiffstats
path: root/roles/common/tasks/fail2ban.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common/tasks/fail2ban.yml')
-rw-r--r--roles/common/tasks/fail2ban.yml4
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/common/tasks/fail2ban.yml b/roles/common/tasks/fail2ban.yml
index 89427ea..e56deaf 100644
--- a/roles/common/tasks/fail2ban.yml
+++ b/roles/common/tasks/fail2ban.yml
@@ -36,44 +36,44 @@
- Restart fail2ban
- name: Configure fail2ban (action.d/nftables-allports.local)
copy: src=etc/fail2ban/action.d/nftables-allports.local
dest=/etc/fail2ban/action.d/nftables-allports.local
owner=root group=root
mode=0644
register: r3
notify:
- Restart fail2ban
- name: Copy filters
copy: src=etc/fail2ban/filter.d/
dest=/etc/fail2ban/filter.d/
owner=root group=root
mode=0644
register: r4
notify:
- Restart fail2ban
-- name: Create directory /etc/systemd/system/fail2ban.service.d/override.conf
+- name: Create directory /etc/systemd/system/fail2ban.service.d
file: path=/etc/systemd/system/fail2ban.service.d
state=directory
owner=root group=root
- mode=0750
+ mode=0755
- name: Harden fail2ban.service
copy: src=etc/systemd/system/fail2ban.service.d/override.conf
dest=/etc/systemd/system/fail2ban.service.d/override.conf
owner=root group=root
mode=0644
register: r5
notify:
- systemctl daemon-reload
- Restart fail2ban
- name: Start fail2ban
service: name=fail2ban state=started
when: not (r1.changed or r2.changed or r3.changed or r4.changed or r5.changed)
- meta: flush_handlers
- name: Delete /var/lib/fail2ban/fail2ban.sqlite3
file: path=/var/lib/fail2ban/fail2ban.sqlite3 state=absent
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-08 08:50:45 +0000