summaryrefslogtreecommitdiffstats
path: root/roles/common/tasks/fail2ban.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common/tasks/fail2ban.yml')
-rw-r--r--roles/common/tasks/fail2ban.yml20
1 files changed, 2 insertions, 18 deletions
diff --git a/roles/common/tasks/fail2ban.yml b/roles/common/tasks/fail2ban.yml
index 89427ea..563075f 100644
--- a/roles/common/tasks/fail2ban.yml
+++ b/roles/common/tasks/fail2ban.yml
@@ -1,22 +1,6 @@
- name: Install fail2ban
apt: pkg=fail2ban
-# Log into a dedicate directory so we can use ReadWriteDirectories in
-# the .service file
-- name: Create directory /var/log/fail2ban
- file: path=/var/log/fail2ban
- state=directory
- owner=root group=adm
- mode=0750
-
-- name: Fix fail2ban logrotate snippet
- lineinfile: dest=/etc/logrotate.d/fail2ban
- state=present
- line="/var/log/fail2ban/*.log"
- insertbefore="^[^#]*\\s{$"
- tags:
- - logrotate
-
- name: Configure fail2ban (fail2ban.local)
copy: src=etc/fail2ban/fail2ban.local
dest=/etc/fail2ban/fail2ban.local
@@ -53,11 +37,11 @@
notify:
- Restart fail2ban
-- name: Create directory /etc/systemd/system/fail2ban.service.d/override.conf
+- name: Create directory /etc/systemd/system/fail2ban.service.d
file: path=/etc/systemd/system/fail2ban.service.d
state=directory
owner=root group=root
- mode=0750
+ mode=0755
- name: Harden fail2ban.service
copy: src=etc/systemd/system/fail2ban.service.d/override.conf
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-28 21:21:55 +0000